Format: 1.8
Date: Tue, 05 Nov 2024 11:37:45 +0800
Source: ghostscript
Binary: ghostscript ghostscript-dbgsym ghostscript-doc libgs-common libgs-dev libgs10 libgs10-common libgs10-dbgsym
Architecture: amd64 all
Version: 10.02.1~dfsg1-ok4
Distribution: nile-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@8860f99a97ba>
Changed-By: liubo01 <liubo01@kylinos.cn>
Description:
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 libgs-common - interpreter for the PostScript language and for PDF - ICC profile
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs10    - interpreter for the PostScript language and for PDF - Library
 libgs10-common - interpreter for the PostScript language and for PDF - common file
Changes:
 ghostscript (10.02.1~dfsg1-ok4) nile; urgency=medium
 .
   * SECURITY UPDATE: stack-based buffer overflow via long PDF filter name
     - debian/patches/CVE-2024-29506.patch: don't allow PDF files with bad
       Filters to overflow the debug buffer in pdf/pdf_file.c.
     - CVE-2024-29506
   * SECURITY UPDATE: stack-based buffer overflows
     - debian/patches/CVE-2024-29507.patch: bounds checks when using CIDFont
       related params in pdf/pdf_font.c, pdf/pdf_warnings.h.
     - CVE-2024-29507
   * SECURITY UPDATE: heap-based pointer disclosure via constructed BaseFont
     name
     - debian/patches/CVE-2024-29508.patch: review printing of pointers in
       base/gsfont.c, base/gsicc_cache.c, base/gsmalloc.c, base/gxclmem.c,
       base/gxcpath.c, base/gxpath.c, base/szlibc.c, devices/gdevupd.c,
       devices/vector/gdevpdtb.c, psi/ialloc.c, psi/igc.c, psi/igcstr.c,
       psi/iinit.c, psi/imainarg.c, psi/isave.c, psi/iutil.c.
     - debian/patches/CVE-2024-29508-2.patch: fix compiler warning in
       optimised build in base/gsicc_cache.c.
     - debian/patches/CVE-2024-29508-3.patch: remove extra arguments in
       devices/gdevupd.c.
     - CVE-2024-29508
   * SECURITY UPDATE: heap-based overflow via PDFPassword with null byte
     - debian/patches/CVE-2024-29509.patch: don't use strlen on passwords in
       pdf/pdf_sec.c.
     - CVE-2024-29509
   * SECURITY UPDATE: directory traversal issue via OCRLanguage
     - debian/patches/CVE-2024-29511.patch: reject OCRLanguage changes after
       SAFER enabled in devices/gdevocr.c, devices/gdevpdfocr.c,
       devices/vector/gdevpdfp.c.
     - debian/patches/CVE-2024-29511-2.patch: original fix was overly
       aggressive in devices/gdevocr.c, devices/gdevpdfocr.c,
       devices/vector/gdevpdf.c, devices/vector/gdevpdfp.c.
     - CVE-2024-29511
Checksums-Sha1:
Checksums-Sha256:
Files: