-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 10 Nov 2024 13:20:08 +0100 Source: ghostscript Binary: ghostscript ghostscript-dbgsym ghostscript-x libgs-dev libgs10 libgs10-dbgsym Architecture: armel Version: 10.0.0~dfsg-11+deb12u6 Distribution: bookworm-security Urgency: high Maintainer: arm Build Daemon (arm-ubc-03) Changed-By: Salvatore Bonaccorso Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-x - transitional package for ghostscript libgs-dev - interpreter for the PostScript language and for PDF - Development libgs10 - interpreter for the PostScript language and for PDF - Library Changes: ghostscript (10.0.0~dfsg-11+deb12u6) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Check for overflow validating format string (CVE-2024-46953) * Fix filenameforall completion cleanup * Don't leave a dangling pointer on the stack * PostScript interpreter - Null dangling references on stack * PostScript interpreter - fix buffer length check (CVE-2024-46956) * PS interpreter review colour code for stack pointers * PS interpreter - check Indexed colour space index (CVE-2024-46955) * PS interpreter - check the type of the Pattern Implementation (CVE-2024-46951) * PDF interpreter - sanitise W array values in Xref streams (CVE-2024-46952) Checksums-Sha1: c487a215f80cab868f2d0fc5eda86cf9282cc137 6116 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u6_armel.deb f8552b7ee47988ea10d8e922357bb7a804cf52bb 28280 ghostscript-x_10.0.0~dfsg-11+deb12u6_armel.deb 1b56415a922969d4beab763e2576122a1e82f75e 11878 ghostscript_10.0.0~dfsg-11+deb12u6_armel-buildd.buildinfo c4e1c27b7c37f152f70daa575efbc8dd40d68c24 57252 ghostscript_10.0.0~dfsg-11+deb12u6_armel.deb 04be87327a47d3de937a061b2023147c94f48a93 39808 libgs-dev_10.0.0~dfsg-11+deb12u6_armel.deb 83f6e20c98ca76532f44a78865d4c24daa83e575 9358220 libgs10-dbgsym_10.0.0~dfsg-11+deb12u6_armel.deb 31f6520aba668cbfa33e344d423b31e03a7a1d0c 2089672 libgs10_10.0.0~dfsg-11+deb12u6_armel.deb Checksums-Sha256: 9056ef843851c79ccf10f964ddebf48a836671568363e8fa84bd5d06a6523de9 6116 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u6_armel.deb 239691a79b07b9e3d7fbf7c44d0e8de33a52964f05e0b904faf272950026ce86 28280 ghostscript-x_10.0.0~dfsg-11+deb12u6_armel.deb d4032729c2430ab95a5024626ed49ce6ec9eb0d1e2c15da25d06a84a4c3ef577 11878 ghostscript_10.0.0~dfsg-11+deb12u6_armel-buildd.buildinfo f5a314ef465075d68ca842c9baecba9d916a51309f0f76c8ca969d67be46b397 57252 ghostscript_10.0.0~dfsg-11+deb12u6_armel.deb 5c000a10403533bca9540ba7cafda1343c0f6757459714638e20369616bc6272 39808 libgs-dev_10.0.0~dfsg-11+deb12u6_armel.deb 8a309bc7de013cf486e0a00af26360a2439e18b49c2358310097c086c0519a44 9358220 libgs10-dbgsym_10.0.0~dfsg-11+deb12u6_armel.deb 1da42866ec86ac01f64a05c717ced7c26684c36960ac2a04fa096eebc7c174a1 2089672 libgs10_10.0.0~dfsg-11+deb12u6_armel.deb Files: 4faaaf2d68b0438cd9abdebb5e7a62c3 6116 debug optional ghostscript-dbgsym_10.0.0~dfsg-11+deb12u6_armel.deb f24586eb3ce6908523336eff6b4ed075 28280 oldlibs optional ghostscript-x_10.0.0~dfsg-11+deb12u6_armel.deb 500a124cdb98a451e438ced6abe9d865 11878 text optional ghostscript_10.0.0~dfsg-11+deb12u6_armel-buildd.buildinfo 250b5d65058e197288f77ae89f8589ac 57252 text optional ghostscript_10.0.0~dfsg-11+deb12u6_armel.deb c59383824bee9da41c84b7164f20bee9 39808 libdevel optional libgs-dev_10.0.0~dfsg-11+deb12u6_armel.deb 8c78b66bb9c7f70ce090983ad7699c7d 9358220 debug optional libgs10-dbgsym_10.0.0~dfsg-11+deb12u6_armel.deb 449cb301e5f1589ee8ab2285689c5483 2089672 libs optional libgs10_10.0.0~dfsg-11+deb12u6_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0+FegZ3qs8CHnZkx+XaKpT5fkBIFAmcwsXAACgkQ+XaKpT5f kBLKXw//esT4Ohk1SCZnF9ZoLOaVBPVgAER1jVBEXHZQdDNZq9efs5+BTUh54tEv n/2p5GeJ6miWPBYfd8w8tr806Lpgr7WrSSt+S7R5sHJT5IVyy1dkA2zrQ6VIXerR yzx8eqptRx0nno11YKX5UfWkkhLRsxHd0dFVvyYri6Y8SR6dzDckw78j8N6noOrB RXcKMsSm7ESEqYSe1o3mIGcrbxddN33PMJvuUO5mJyqXLhIGOm5ryhJKsorAyH3N QNCQVj+t6p9y0g9vGEnY2jjxU8Z3HYzE46eF7KI5G6oUAYwkW62E6VFTmuxSY5tu 2heqIEzobazXPRYGegu8TSr8ouhj44TkCuLvwwMvrV8OXAem4QpsHWiPj245MueC JVnJ6Zpma6nL+LHZkiQIsEiCpWhKW/1T0VLZD2/kgAVS9qWY7izEl6dRJWfmxDe7 LxQZuVsVRqkg988rWU0SsMUogZba8UeXLD1GzrMMUzq4Xbw6zIdKsRzugkU/ruMo 19ky3MRCSFJjHlq88ANEWlDNdZYH4VQq6q2HHxyNIZK1rCXwfxR2cVraC6FhxxgS z5z8d+151GsdvtkKacP3upVgShC8Omv1IX/wVTean56EhCYfYqSorfD+DjRek3HT nQjqvSQuwCXvu/h5FCGukOv0X1dzuBO55tFv3saKfYcy8/S7FF4= =iPgr -----END PGP SIGNATURE-----