Publishing details

Published on 2024-11-05

Changelog

ghostscript (10.02.1~dfsg1-ok4) nile; urgency=medium

  * SECURITY UPDATE: stack-based buffer overflow via long PDF filter
    name     - debian/patches/CVE-2024-29506.patch: don't allow PDF
    files with bad       Filters to overflow the debug buffer in
    pdf/pdf_file.c.     - CVE-2024-29506   * SECURITY UPDATE: stack-
    based buffer overflows     - debian/patches/CVE-2024-29507.patch:
    bounds checks when using CIDFont       related params in
    pdf/pdf_font.c, pdf/pdf_warnings.h.     - CVE-2024-29507   *
    SECURITY UPDATE: heap-based pointer disclosure via constructed
    BaseFont     name     - debian/patches/CVE-2024-29508.patch: review
    printing of pointers in       base/gsfont.c, base/gsicc_cache.c,
    base/gsmalloc.c, base/gxclmem.c,       base/gxcpath.c,
    base/gxpath.c, base/szlibc.c, devices/gdevupd.c,
    devices/vector/gdevpdtb.c, psi/ialloc.c, psi/igc.c, psi/igcstr.c,
    psi/iinit.c, psi/imainarg.c, psi/isave.c, psi/iutil.c.     -
    debian/patches/CVE-2024-29508-2.patch: fix compiler warning in
    optimised build in base/gsicc_cache.c.     - debian/patches/CVE-2024-
    29508-3.patch: remove extra arguments in       devices/gdevupd.c.
    - CVE-2024-29508   * SECURITY UPDATE: heap-based overflow via
    PDFPassword with null byte     - debian/patches/CVE-2024-
    29509.patch: don't use strlen on passwords in       pdf/pdf_sec.c.
    - CVE-2024-29509   * SECURITY UPDATE: directory traversal issue via
    OCRLanguage     - debian/patches/CVE-2024-29511.patch: reject
    OCRLanguage changes after       SAFER enabled in devices/gdevocr.c,
    devices/gdevpdfocr.c,       devices/vector/gdevpdfp.c.     -
    debian/patches/CVE-2024-29511-2.patch: original fix was overly
    aggressive in devices/gdevocr.c, devices/gdevpdfocr.c,
    devices/vector/gdevpdf.c, devices/vector/gdevpdfp.c.     - CVE-2024-
    29511

 -- liubo01 <email address hidden>  Tue, 05 Nov 2024 11:37:45 +0800

Available diffs

diff from 10.02.1~dfsg1-ok2 to 10.02.1~dfsg1-ok4 (10.2 KiB)

Builds

Built packages

ghostscript interpreter for the PostScript language and for PDF

ghostscript-dbgsym debug symbols for ghostscript

ghostscript-doc interpreter for the PostScript language and for PDF - Documentation

libgs-common interpreter for the PostScript language and for PDF - ICC profiles

libgs-dev interpreter for the PostScript language and for PDF - Development Files

libgs10 interpreter for the PostScript language and for PDF - Library

libgs10-common interpreter for the PostScript language and for PDF - common files

libgs10-dbgsym debug symbols for libgs10

Package files

ghostscript-dbgsym_10.02.1~dfsg1-ok4_amd64.deb (6.0 KiB)
ghostscript-dbgsym_10.02.1~dfsg1-ok4_arm64.deb (6.2 KiB)
ghostscript-dbgsym_10.02.1~dfsg1-ok4_i386.deb (5.5 KiB)
ghostscript-dbgsym_10.02.1~dfsg1-ok4_loong64.deb (5.7 KiB)
ghostscript-dbgsym_10.02.1~dfsg1-ok4_riscv64.deb (6.1 KiB)
ghostscript-doc_10.02.1~dfsg1-ok4_all.deb (11.1 MiB)
ghostscript_10.02.1~dfsg1-ok4.debian.tar.xz (202.8 KiB)
ghostscript_10.02.1~dfsg1-ok4.dsc (2.5 KiB)
ghostscript_10.02.1~dfsg1-ok4_amd64.deb (41.6 KiB)
ghostscript_10.02.1~dfsg1-ok4_arm64.deb (41.8 KiB)
ghostscript_10.02.1~dfsg1-ok4_i386.deb (41.6 KiB)
ghostscript_10.02.1~dfsg1-ok4_loong64.deb (43.4 KiB)
ghostscript_10.02.1~dfsg1-ok4_riscv64.deb (41.5 KiB)
ghostscript_10.02.1~dfsg1.orig.tar.xz (51.6 MiB)
libgs-common_10.02.1~dfsg1-ok4_all.deb (139.0 KiB)
libgs-dev_10.02.1~dfsg1-ok4_amd64.deb (30.5 KiB)
libgs-dev_10.02.1~dfsg1-ok4_arm64.deb (30.5 KiB)
libgs-dev_10.02.1~dfsg1-ok4_i386.deb (30.5 KiB)
libgs-dev_10.02.1~dfsg1-ok4_loong64.deb (32.2 KiB)
libgs-dev_10.02.1~dfsg1-ok4_riscv64.deb (30.5 KiB)
libgs10-common_10.02.1~dfsg1-ok4_all.deb (456.3 KiB)
libgs10-dbgsym_10.02.1~dfsg1-ok4_amd64.deb (22.1 MiB)
libgs10-dbgsym_10.02.1~dfsg1-ok4_arm64.deb (21.7 MiB)
libgs10-dbgsym_10.02.1~dfsg1-ok4_i386.deb (22.8 MiB)
libgs10-dbgsym_10.02.1~dfsg1-ok4_loong64.deb (22.3 MiB)
libgs10-dbgsym_10.02.1~dfsg1-ok4_riscv64.deb (22.5 MiB)
libgs10_10.02.1~dfsg1-ok4_amd64.deb (3.4 MiB)
libgs10_10.02.1~dfsg1-ok4_arm64.deb (3.1 MiB)
libgs10_10.02.1~dfsg1-ok4_i386.deb (4.6 MiB)
libgs10_10.02.1~dfsg1-ok4_loong64.deb (4.2 MiB)
libgs10_10.02.1~dfsg1-ok4_riscv64.deb (4.0 MiB)