Bug 697799

Summary: corruption of operand stack
Product: Ghostscript
Reporter: Chris Liddell (chrisl) <chris.liddell>
Component: PS Interpreter
Assignee: Chris Liddell (chrisl) <chris.liddell>
Status: RESOLVED FIXED
Severity: normal
CC: arasanpoo, cbuissar, gabriel.gilder, henry.stiles, mhart, omarandemad, sbeattie, seth.arnold, spiri_alecs
Priority: P4
Version: master
Hardware: PC
OS: Linux
Customer:
Word Size: ---

Comment 2 Chris Liddell (chrisl) 2017-04-27 01:24:03 UTC
*** Bug 697808 has been marked as a duplicate of this bug. ***
Comment 4 Steve Beattie 2017-04-27 23:41:45 UTC
This was assigned CVE-2017-8291. Thanks.
Comment 5 Poovarasan Dhanapal 2017-04-28 06:12:27 UTC
What is the new version of ghostscript build with this issue fix?
Comment 6 Ken Sharp 2017-04-28 06:16:20 UTC
(In reply to Poovarasan Dhanapal from comment #5)
> What is the new version of ghostscript build with this issue fix?

Any SHA from our Git repository after the stated commit.
Comment 7 Gabriel Gilder 2017-05-01 16:59:48 UTC
Will there be a release cut soon with this patch? Would be great to have available via package managers.
Comment 8 Ken Sharp 2017-05-01 23:49:33 UTC
(In reply to Gabriel Gilder from comment #7)
> Will there be a release cut soon with this patch? Would be great to have
> available via package managers.

The next release of Ghostscript is due for September.
Comment 9 Chris Liddell (chrisl) 2017-05-02 00:44:57 UTC
Debian, Ubuntu, Fedora have all patched their respective Ghostscript packages and rolled out the fix (amongst others). I'm sure the other distros will be doing so soon - and if they don't, they're unlikely to pull in a new version, either, so....
Comment 10 Chris Liddell (chrisl) 2017-05-03 07:08:19 UTC
Note that to support some (rather unpleasant and rarely used) features, the following revision is required in addition to the above commits:
http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=57f20719

(This relates to pstoedit's use of Ghostscript).
Comment 11 Alecs 2017-05-08 01:02:29 UTC
(In reply to Chris Liddell (chrisl) from comment #3)
> This is fixed with:
> https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88
> 
> and
> 
> https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce1

Hi Chris,

I get a Gateway Timeout message when clicking these links. Any chance you could post the version number here?

Thanks!
Comment 12 Ken Sharp 2017-05-08 01:12:42 UTC
(In reply to Alecs from comment #11)
> (In reply to Chris Liddell (chrisl) from comment #3)
> > This is fixed with:
> > https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=4f83478c88
> > 
> > and
> > 
> > https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=04b37bbce1
> 
> Hi Chris,
> 
> I get a Gateway Timeout message when clicking these links.

I'm afraid our server is undergoing a lot of load at the moment, we're trying to work out why. You will need to get the patches from here, so keep trying from time to time, it should eventually get solved.


> Any chance you
> could post the version number here?

There is no version number, we have not made a new release and do not currently plan to make another release until our regularly scheduled release in September.
Comment 13 Steve Beattie 2017-05-16 12:57:04 UTC
For people backporting patches, please note that in addition to the additional patch that Chris Liddell highlighted in Comment 10, the following patch is also needed: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=ccfd2c75 as just applying 57f20719 will result in a ghostscript that segfaults with the original reproducer.