Format: 1.8
Date: Tue, 05 Nov 2024 11:37:45 +0800
Source: ghostscript
Binary: ghostscript ghostscript-dbgsym libgs-dev libgs10 libgs10-dbgsym
Architecture: i386
Version: 10.02.1~dfsg1-ok4
Distribution: nile-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@4ca807c771bb>
Changed-By: liubo01 <liubo01@kylinos.cn>
Description:
 ghostscript - interpreter for the PostScript language and for PDF
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs10    - interpreter for the PostScript language and for PDF - Library
Changes:
 ghostscript (10.02.1~dfsg1-ok4) nile; urgency=medium
 .
   * SECURITY UPDATE: stack-based buffer overflow via long PDF filter name
     - debian/patches/CVE-2024-29506.patch: don't allow PDF files with bad
       Filters to overflow the debug buffer in pdf/pdf_file.c.
     - CVE-2024-29506
   * SECURITY UPDATE: stack-based buffer overflows
     - debian/patches/CVE-2024-29507.patch: bounds checks when using CIDFont
       related params in pdf/pdf_font.c, pdf/pdf_warnings.h.
     - CVE-2024-29507
   * SECURITY UPDATE: heap-based pointer disclosure via constructed BaseFont
     name
     - debian/patches/CVE-2024-29508.patch: review printing of pointers in
       base/gsfont.c, base/gsicc_cache.c, base/gsmalloc.c, base/gxclmem.c,
       base/gxcpath.c, base/gxpath.c, base/szlibc.c, devices/gdevupd.c,
       devices/vector/gdevpdtb.c, psi/ialloc.c, psi/igc.c, psi/igcstr.c,
       psi/iinit.c, psi/imainarg.c, psi/isave.c, psi/iutil.c.
     - debian/patches/CVE-2024-29508-2.patch: fix compiler warning in
       optimised build in base/gsicc_cache.c.
     - debian/patches/CVE-2024-29508-3.patch: remove extra arguments in
       devices/gdevupd.c.
     - CVE-2024-29508
   * SECURITY UPDATE: heap-based overflow via PDFPassword with null byte
     - debian/patches/CVE-2024-29509.patch: don't use strlen on passwords in
       pdf/pdf_sec.c.
     - CVE-2024-29509
   * SECURITY UPDATE: directory traversal issue via OCRLanguage
     - debian/patches/CVE-2024-29511.patch: reject OCRLanguage changes after
       SAFER enabled in devices/gdevocr.c, devices/gdevpdfocr.c,
       devices/vector/gdevpdfp.c.
     - debian/patches/CVE-2024-29511-2.patch: original fix was overly
       aggressive in devices/gdevocr.c, devices/gdevpdfocr.c,
       devices/vector/gdevpdf.c, devices/vector/gdevpdfp.c.
     - CVE-2024-29511
Checksums-Sha1:
 44e46e8c3d445acf3f02ab272db2880be6aa452d 5672 ghostscript-dbgsym_10.02.1~dfsg1-ok4_i386.deb
 e74d1f8717d408e3d63a2b51c259a5d4bf6f418c 11448 ghostscript_10.02.1~dfsg1-ok4_i386.buildinfo
 920403ae2ca5a278e671b5c15b74b0e6f39a4b27 42648 ghostscript_10.02.1~dfsg1-ok4_i386.deb
 2667e0b1564b89beac1c84645d74ba958b6629fd 31200 libgs-dev_10.02.1~dfsg1-ok4_i386.deb
 016d2f74ec92027f948a6bb566297e95e03fdcf2 23874336 libgs10-dbgsym_10.02.1~dfsg1-ok4_i386.deb
 45c6039a8bb2b9c5bbd4aac85f7ad3c02f702b1e 4789988 libgs10_10.02.1~dfsg1-ok4_i386.deb
Checksums-Sha256:
 ca5f8e3667e76c0b78951e73fab2d928a2f5f69bfddbd1c0dd09620e33bdeb2b 5672 ghostscript-dbgsym_10.02.1~dfsg1-ok4_i386.deb
 348be007be5ff47c26c040bd1835d3cde9ad9c55a6f5dfcfcd1c3cc2887df7d2 11448 ghostscript_10.02.1~dfsg1-ok4_i386.buildinfo
 367dadeea0cf472210d7e676d119b5ce635e51ae5bb594ed3883240bdc4a56ad 42648 ghostscript_10.02.1~dfsg1-ok4_i386.deb
 abf808dd47bcf1fc1e89980983937166e5ed9dcb8978aded0cc8e1bef1bc3baf 31200 libgs-dev_10.02.1~dfsg1-ok4_i386.deb
 39799077b1228f07cbde8a71a35ea8fda84879167521d8a7a6d0f7eb9e882a62 23874336 libgs10-dbgsym_10.02.1~dfsg1-ok4_i386.deb
 c3b3a6a331534317ae9867ee65c989fe755fa4592fec7ffa79c1830cf1d3c153 4789988 libgs10_10.02.1~dfsg1-ok4_i386.deb
Files:
 6afaf9106052f8abfde75d364d3f3b79 5672 debug optional ghostscript-dbgsym_10.02.1~dfsg1-ok4_i386.deb
 e038c5499cdfb9b42d6a2b1109249330 11448 text optional ghostscript_10.02.1~dfsg1-ok4_i386.buildinfo
 918a32496b7415e0516afe83735cd841 42648 text optional ghostscript_10.02.1~dfsg1-ok4_i386.deb
 768aadae1fd4be0143542a3cbb1b9a57 31200 libdevel optional libgs-dev_10.02.1~dfsg1-ok4_i386.deb
 b2df2596a0a29744b83a564a3dac24ab 23874336 debug optional libgs10-dbgsym_10.02.1~dfsg1-ok4_i386.deb
 e5407596c8ef607ab730570b5ffc5d69 4789988 libs optional libgs10_10.02.1~dfsg1-ok4_i386.deb