Debian Bug report logs - #335497
CVE-2005-3278: Local root exploit in Postscript handling

version graph

Package: bmv; Maintainer for bmv is (unknown);

Reported by: Moritz Muehlenhoff <jmm@inutil.org>

Date: Mon, 24 Oct 2005 14:48:02 UTC

Severity: grave

Tags: security

Found in version bmv/1.2-17

Fixed in version bmv/1.2-18

Done: Guillem Jover <guillem@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Guillem Jover <guillem@debian.org>:
Bug#335497; Package bmv. Full text and rfc822 format available.

Acknowledgement sent to Moritz Muehlenhoff <jmm@inutil.org>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Guillem Jover <guillem@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Moritz Muehlenhoff <jmm@inutil.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: CVE-2005-3278: Local root exploit in Postscript handling
Date: Mon, 24 Oct 2005 11:52:12 +0200
Package: bmv
Version: 1.2-17
Severity: grave
Tags: security
Justification: user security hole

An integer overflow in bmv can lead to a local privilege escalation.
Please see http://felinemenace.org/advisories/bmv_advisory.txt for
details. This has been assigned CVE-2005-3278, please mention so
in the changelog.

The advisory mentions another vulnerability, which doesn't affect
the binary package, this has been assigned CVE-2005-3279.

Cheers,
        Moritz

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.14-rc1
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15@euro (charmap=ISO-8859-15)

Versions of packages bmv depends on:
ii  gs-gpl [gs]                   8.15-4     The GPL Ghostscript PostScript int
ii  libc6                         2.3.5-7    GNU C Library: Shared libraries an
ii  libsvga1                      1:1.4.3-22 console SVGA display libraries

bmv recommends no packages.

-- no debconf information



Reply sent to Guillem Jover <guillem@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Moritz Muehlenhoff <jmm@inutil.org>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #10 received at 335497-close@bugs.debian.org (full text, mbox):

From: Guillem Jover <guillem@debian.org>
To: 335497-close@bugs.debian.org
Subject: Bug#335497: fixed in bmv 1.2-18
Date: Wed, 26 Oct 2005 21:32:05 -0700
Source: bmv
Source-Version: 1.2-18

We believe that the bug you reported is fixed in the latest version of
bmv, which is due to be installed in the Debian FTP archive:

bmv_1.2-18.diff.gz
  to pool/main/b/bmv/bmv_1.2-18.diff.gz
bmv_1.2-18.dsc
  to pool/main/b/bmv/bmv_1.2-18.dsc
bmv_1.2-18_i386.deb
  to pool/main/b/bmv/bmv_1.2-18_i386.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 335497@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Guillem Jover <guillem@debian.org> (supplier of updated bmv package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Thu, 27 Oct 2005 07:12:47 +0300
Source: bmv
Binary: bmv
Architecture: source i386
Version: 1.2-18
Distribution: unstable
Urgency: high
Maintainer: Guillem Jover <guillem@debian.org>
Changed-By: Guillem Jover <guillem@debian.org>
Description: 
 bmv        - PostScript viewer for SVGAlib
Closes: 260537 335326 335497
Changes: 
 bmv (1.2-18) unstable; urgency=high
 .
   * Update watch file to version 3.
   * Now using Standards-Version 3.6.2 (no changes needed).
   * Lower case manpage header title.
   * Disallow heap corruption when giving the proper argument to "%%Pages:"
     on a PostScript file [CVE-2005-3278]. (Closes: #335497)
   * Update FSF's address.
   * Fix the license statement in debian/copyright to refer to the GPL
     instead of the LGPL.
   * Fix typo in manpage. (Closes: #335326)
     Thanks A Costa <agcosta@gis.net>.
   * Add detail to the -v option description in the manpage. (Closes: #260537)
     Thanks A Costa <agcosta@gis.net>.
Files: 
 fde9ef089721017a70fe139c7a158b05 557 text optional bmv_1.2-18.dsc
 590ef95d4724fba0f29efd7158f2ff9d 13222 text optional bmv_1.2-18.diff.gz
 0a33c0bbfc24ec083f6e681d9c0d708c 23628 text optional bmv_1.2-18_i386.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFDYFQvuW9ciZ2SjJsRAgdIAJ0dmpGqhff4xHpCODkIu/NxA38o8ACcDpQw
ZFOKH6VhbO9SQx+Jo4BnYs0=
=U1oB
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 27 Jun 2007 07:48:28 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 20:39:03 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.