[Secure-testing-team] Bug#840691: libgs9: security update DSA-3691-1 breaks zathura, evince, ... in jessie

Francesco Poli (wintermute) invernomuto at paranoici.org
Thu Oct 13 21:56:22 UTC 2016


Package: libgs9
Version: 9.06~dfsg-2+deb8u3
Severity: grave
Tags: security
Justification: renders package unusable

Hello!

I had a bad surprise today in jessie.
After the security update:

  [UPGRADE] libgs9:amd64 9.06~dfsg-2+deb8u1 -> 9.06~dfsg-2+deb8u3
  [UPGRADE] libgs9-common:amd64 9.06~dfsg-2+deb8u1 -> 9.06~dfsg-2+deb8u3

I was unable to use zathura or evince (maybe other PS viewers are
affected):

  $ zathura foo.eps
  warning: Failed to loads bookmarks.
  invalidaccess -7
  error: Rendering failed (page 1)
  $ evince foo.eps
  invalidaccess -7
  invalidaccess -7
  Segmentation fault

After downgrading back to libgs9/9.06~dfsg-2+deb8u1 and
libgs9-common/9.06~dfsg-2+deb8u1, everything is back to normal
and the two PS viewers work again.

What went wrong?
If this is indeed a regression (as it seems to be), please fix it
as soon as possible!

Thanks for your time.


-- System Information:
Debian Release: 8.6
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.16.0-4-amd64 (SMP w/20 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages libgs9 depends on:
ii  libc6                           2.19-18+deb8u6
ii  libcups2                        1.7.5-11+deb8u1
ii  libcupsimage2                   1.7.5-11+deb8u1
ii  libfontconfig1                  2.11.0-6.3+deb8u1
ii  libfreetype6                    2.5.2-3+deb8u1
ii  libgs9-common                   9.06~dfsg-2+deb8u3
ii  libidn11                        1.29-1+deb8u2
ii  libijs-0.35                     0.35-10
ii  libjasper1                      1.900.1-debian1-2.4+deb8u1
ii  libjbig2dec0                    0.11+20120125-1
ii  libjpeg62-turbo                 1:1.3.1-12
ii  liblcms2-2                      2.6-3+b3
ii  libpaper1                       1.1.24+nmu4
ii  libpng12-0                      1.2.50-2+deb8u2
ii  libtiff5                        4.0.3-12.3+deb8u1
ii  poppler-data [gs-cjk-resource]  0.4.7-1
ii  zlib1g                          1:1.2.8.dfsg-2+b1

libgs9 recommends no packages.

libgs9 suggests no packages.

-- no debconf information


