Format: 1.8
Date: Tue, 05 Nov 2024 11:37:45 +0800
Source: ghostscript
Binary: ghostscript ghostscript-dbgsym libgs-dev libgs10 libgs10-dbgsym
Architecture: loong64
Version: 10.02.1~dfsg1-ok4
Distribution: nile-proposed
Urgency: medium
Maintainer: Launchpad Build Daemon <buildd@localhost>
Changed-By: liubo01 <liubo01@kylinos.cn>
Description:
 ghostscript - interpreter for the PostScript language and for PDF
 libgs-dev - interpreter for the PostScript language and for PDF - Development
 libgs10 - interpreter for the PostScript language and for PDF - Library
Changes:
 ghostscript (10.02.1~dfsg1-ok4) nile; urgency=medium
 .
   * SECURITY UPDATE: stack-based buffer overflow via long PDF filter name
     - debian/patches/CVE-2024-29506.patch: don't allow PDF files with bad
       Filters to overflow the debug buffer in pdf/pdf_file.c.
     - CVE-2024-29506
   * SECURITY UPDATE: stack-based buffer overflows
     - debian/patches/CVE-2024-29507.patch: bounds checks when using CIDFont
       related params in pdf/pdf_font.c, pdf/pdf_warnings.h.
     - CVE-2024-29507
   * SECURITY UPDATE: heap-based pointer disclosure via constructed BaseFont
     name
     - debian/patches/CVE-2024-29508.patch: review printing of pointers in
       base/gsfont.c, base/gsicc_cache.c, base/gsmalloc.c, base/gxclmem.c,
       base/gxcpath.c, base/gxpath.c, base/szlibc.c, devices/gdevupd.c,
       devices/vector/gdevpdtb.c, psi/ialloc.c, psi/igc.c, psi/igcstr.c,
       psi/iinit.c, psi/imainarg.c, psi/isave.c, psi/iutil.c.
     - debian/patches/CVE-2024-29508-2.patch: fix compiler warning in
       optimised build in base/gsicc_cache.c.
     - debian/patches/CVE-2024-29508-3.patch: remove extra arguments in
       devices/gdevupd.c.
     - CVE-2024-29508
   * SECURITY UPDATE: heap-based overflow via PDFPassword with null byte
     - debian/patches/CVE-2024-29509.patch: don't use strlen on passwords in
       pdf/pdf_sec.c.
     - CVE-2024-29509
   * SECURITY UPDATE: directory traversal issue via OCRLanguage
     - debian/patches/CVE-2024-29511.patch: reject OCRLanguage changes after
       SAFER enabled in devices/gdevocr.c, devices/gdevpdfocr.c,
       devices/vector/gdevpdfp.c.
     - debian/patches/CVE-2024-29511-2.patch: original fix was overly
       aggressive in devices/gdevocr.c, devices/gdevpdfocr.c,
       devices/vector/gdevpdf.c, devices/vector/gdevpdfp.c.
     - CVE-2024-29511