Bug 617016 (CVE-2016-10219)

Summary:	<app-text/ghostscript-gpl-9.21: Divide-by-zero in the intersect function
Product:	Gentoo Security	Reporter:	Ian Zimmerman <nobrowser>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED FIXED
Severity:	normal	CC:	printing
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [glsa cve]
Package list:		Runtime testing required:	---
Bug Depends on:	616814
Bug Blocks:

Description Ian Zimmerman 2017-04-29 17:04:33 UTC

RH summary [1]:

The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript allows attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted file.

Upstream patch [2]

Upstream ref [3]

[1] https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-10219
[2] http://git.ghostscript.com/?p=ghostpdl.git;h=4bef1a1d32e29b68855616020dbff574b9cda08f
[3] https://bugs.ghostscript.com/show_bug.cgi?id=697453

Comment 1 Andreas K. Hüttel archtester

2017-06-09 22:56:26 UTC

Version bump pushed.

Comment 2 Yury German Gentoo Infrastructure

2017-08-02 04:04:47 UTC

Added to an existing GLSA Request.

Comment 3 GLSAMaker/CVETool Bot gentoo-dev

2017-08-21 01:16:22 UTC

This issue was resolved and addressed in
 GLSA 201708-06 at https://security.gentoo.org/glsa/201708-06
by GLSA coordinator Thomas Deutschmann (whissi).

Comment 4 Thomas Deutschmann (RETIRED) gentoo-dev

2017-08-21 01:19:34 UTC

Re-opening for remaining architecture.

Comment 5 Aaron Bauman (RETIRED) gentoo-dev

2017-10-08 20:32:42 UTC

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=cf8f468602a503510b8ccb45b2a0c80f37c83949