Debian Bug report logs - #398292
GNU gv "ps_gettext()" Buffer Overflow Vulnerability (CVE-2006-5864)

version graph

Package: gv; Maintainer for gv is Bernhard R. Link <brlink@debian.org>; Source for gv is src:gv.

Reported by: Stefan Fritsch <sf@sfritsch.de>

Date: Sun, 12 Nov 2006 21:18:06 UTC

Severity: grave

Tags: security

Found in versions gv/1:3.6.2-1, 3.6.1-10sarge1

Fixed in versions gv/1:3.6.2-2, 3.6.1-10sarge2

Done: Christoph Berg <myon@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Debian Security Team <team@security.debian.org>, Christoph Berg <myon@debian.org>:
Bug#398292; Package gv. Full text and rfc822 format available.

Acknowledgement sent to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Debian Security Team <team@security.debian.org>, Christoph Berg <myon@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Stefan Fritsch <sf@sfritsch.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: GNU gv "ps_gettext()" Buffer Overflow Vulnerability
Date: Sun, 12 Nov 2006 22:07:22 +0100
Package: gv
Version: 1:3.6.2-1
Severity: grave
Tags: security
Justification: user security hole

A vulnerability has been found in gv. From
http://secunia.com/advisories/22787/ :

"Renaud Lifchitz has reported a vulnerability in GNU gv, which can be exploited
by malicious people to compromise a user's system.

The vulnerability is caused due to a boundary error within the "ps_gettext()"
function in ps.c. This can be exploited to cause a stack-based buffer overflow
by e.g. tricking a user into opening a specially crafted PostScript file.

The vulnerability is reported in version 3.6.2. Other versions may also be
affected."


More information is at
http://sysdream.com/article.php?story_id=258&section_id=78



Changed Bug title. Request was from Christoph Berg <myon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Reply sent to Christoph Berg <myon@debian.org>:
You have taken responsibility. Full text and rfc822 format available.

Notification sent to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer. Full text and rfc822 format available.

Message #12 received at 398292-close@bugs.debian.org (full text, mbox):

From: Christoph Berg <myon@debian.org>
To: 398292-close@bugs.debian.org
Subject: Bug#398292: fixed in gv 1:3.6.2-2
Date: Mon, 13 Nov 2006 09:17:15 -0800
Source: gv
Source-Version: 1:3.6.2-2

We believe that the bug you reported is fixed in the latest version of
gv, which is due to be installed in the Debian FTP archive:

gv_3.6.2-2.diff.gz
  to pool/main/g/gv/gv_3.6.2-2.diff.gz
gv_3.6.2-2.dsc
  to pool/main/g/gv/gv_3.6.2-2.dsc
gv_3.6.2-2_amd64.deb
  to pool/main/g/gv/gv_3.6.2-2_amd64.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 398292@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christoph Berg <myon@debian.org> (supplier of updated gv package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon, 13 Nov 2006 15:39:11 +0100
Source: gv
Binary: gv
Architecture: source amd64
Version: 1:3.6.2-2
Distribution: unstable
Urgency: high
Maintainer: Christoph Berg <myon@debian.org>
Changed-By: Christoph Berg <myon@debian.org>
Description: 
 gv         - PostScript and PDF viewer for X
Closes: 398292
Changes: 
 gv (1:3.6.2-2) unstable; urgency=high
 .
   * Apply patch by Werner Fink to fix ps_gettext() buffer overflow
     vulnerability (Closes: #398292, CVE-2006-5864).
   * Put @dircategory before @direntry so that it still works as debhelper
     doesn't parse INFO-DIR-SECTION anymore (See: #337215, Blame: texinfo).
Files: 
 d7812df010eaede7871df95efbfc5c0b 567 text optional gv_3.6.2-2.dsc
 09d4dadd1e0cb6bd07dfc4764c781038 12425 text optional gv_3.6.2-2.diff.gz
 2f89df4a1aa68a3e93b5039c89aad5a4 181326 text optional gv_3.6.2-2_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFWKUXxa93SlhRC1oRAkhfAKC3UfHSiU6Mzkq9Ay4YSn8aF6x6dACeIYDa
KyjERcR4/25Unl8lBWerzBE=
=MaTk
-----END PGP SIGNATURE-----




Bug marked as found in version 3.6.1-10sarge1. Request was from Christoph Berg <myon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug marked as fixed in version 3.6.1-10sarge2, send any further explanations to Stefan Fritsch <sf@sfritsch.de> Request was from Christoph Berg <myon@debian.org> to control@bugs.debian.org. Full text and rfc822 format available.

Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 27 Jun 2007 04:19:41 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 07:28:50 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.