-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 10 Nov 2024 13:20:08 +0100 Source: ghostscript Binary: ghostscript ghostscript-dbgsym ghostscript-x libgs-dev libgs10 libgs10-dbgsym Architecture: i386 Version: 10.0.0~dfsg-11+deb12u6 Distribution: bookworm-security Urgency: high Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Salvatore Bonaccorso Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-x - transitional package for ghostscript libgs-dev - interpreter for the PostScript language and for PDF - Development libgs10 - interpreter for the PostScript language and for PDF - Library Changes: ghostscript (10.0.0~dfsg-11+deb12u6) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Check for overflow validating format string (CVE-2024-46953) * Fix filenameforall completion cleanup * Don't leave a dangling pointer on the stack * PostScript interpreter - Null dangling references on stack * PostScript interpreter - fix buffer length check (CVE-2024-46956) * PS interpreter review colour code for stack pointers * PS interpreter - check Indexed colour space index (CVE-2024-46955) * PS interpreter - check the type of the Pattern Implementation (CVE-2024-46951) * PDF interpreter - sanitise W array values in Xref streams (CVE-2024-46952) Checksums-Sha1: a42d3d51ef03ce910847e4e8bfe3b283e0bf064e 5584 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u6_i386.deb d54ec536b94181a1f568a61c9cad33a19a8f0e5f 28280 ghostscript-x_10.0.0~dfsg-11+deb12u6_i386.deb 84ede56520edb6b952d9953a76e9cf61294adf14 12009 ghostscript_10.0.0~dfsg-11+deb12u6_i386-buildd.buildinfo 51795c3658d09328fc3c781653b8e62607cb1537 57532 ghostscript_10.0.0~dfsg-11+deb12u6_i386.deb b996e40393f1a4eaba39ca05972ae75367f07ded 39824 libgs-dev_10.0.0~dfsg-11+deb12u6_i386.deb ac709a104d3011768cb7f41263a78b4a12018e3c 8706432 libgs10-dbgsym_10.0.0~dfsg-11+deb12u6_i386.deb 404788de7754bf87b7fd7524a31ad91257ca5607 2607496 libgs10_10.0.0~dfsg-11+deb12u6_i386.deb Checksums-Sha256: de6a752a766c4ddea4346828f93bca93edcf2b6ec259b74460b38978b1c6b0a1 5584 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u6_i386.deb 00b18acc9c8487bf49d22502271872b7c0cd2648d3ff95cba22068ed52e7f3c2 28280 ghostscript-x_10.0.0~dfsg-11+deb12u6_i386.deb 80d70ca70d3aef9fc6b749161e5052818dde0d74da266f7d6d242580ef8708e0 12009 ghostscript_10.0.0~dfsg-11+deb12u6_i386-buildd.buildinfo 383e303db1c7df06052792288ca951affe352c4a8e20cbfeeade8bfa6148d08a 57532 ghostscript_10.0.0~dfsg-11+deb12u6_i386.deb 212b12fd3bedd26298a8f2cea0b4cc76c0b65cf0c4f52395c2a69ad636be6314 39824 libgs-dev_10.0.0~dfsg-11+deb12u6_i386.deb f9345b12a462b7642dfb9a063218ff3b5b226abdfee6cade2466594f3dc2cd4c 8706432 libgs10-dbgsym_10.0.0~dfsg-11+deb12u6_i386.deb a9f98269687dba04faf6a0df9b4aca1e9ccedd8ea94dfa9f3ece03bdc46dc22d 2607496 libgs10_10.0.0~dfsg-11+deb12u6_i386.deb Files: 3250f5d7133146a67357e578ad3d4671 5584 debug optional ghostscript-dbgsym_10.0.0~dfsg-11+deb12u6_i386.deb 2d46651cb07e8b008ba506a522309285 28280 oldlibs optional ghostscript-x_10.0.0~dfsg-11+deb12u6_i386.deb b71fbc1f20f57300ef8a3117275ad75c 12009 text optional ghostscript_10.0.0~dfsg-11+deb12u6_i386-buildd.buildinfo 3138b9f43f4049ded19187a2b9e15823 57532 text optional ghostscript_10.0.0~dfsg-11+deb12u6_i386.deb 649b8262d334d98d78a6e7a90f68d833 39824 libdevel optional libgs-dev_10.0.0~dfsg-11+deb12u6_i386.deb 7ac9b24d6eab1a89054f5b437b39e6ee 8706432 debug optional libgs10-dbgsym_10.0.0~dfsg-11+deb12u6_i386.deb bc5e8d875cf0f5ca2fe6f7035603a2a6 2607496 libs optional libgs10_10.0.0~dfsg-11+deb12u6_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEyTfXx8sBpQ0Lh3cUU9a0/LcaTpMFAmcwr4IACgkQU9a0/Lca TpMJ2w//dEw9gEbkvhafBj1ZezVGjkXqZ3vJFQI6ZinNgFdiy1OjEahMaca/KApr RQARS+py/hgYWlLXuilzFLsCFehRxCZlvcroMfo1apxAGMQRGxaDX3p7AUb3EqNw gQiRA1CJI1jF+G+AvDzCOUvKNrAheQAuLEbgC7eqavXdi6bpwhBhbJ9Z0pBkfGK6 tb/1cCKDWzjz0STL6xlJfdeWJ3/xOa75YarHAg2TWHo835ojbHZ7AECdHKbnf/9q l0i72Nu72xgWLn6WAzcKVWHrmOiI+o5/1dIVThktoDR/AnwMKE3JH1gpBiHwcue1 YjE76bBcrSrCXcZdM/YlvR6QasQNHkXYIECVr+lzscoQXnsN3729qNzzMzmu4byF wH0q4vMFiKxfBnnKEuPH+pAePYy0ZUKmEqeCEMfe6WXNsD1ZlyJY/nFAC9sS4cU1 +bClW20mlnOkFdvhn1GsYPenePq5JpndF3t/alg09s8qrI3tXC2LhZUOceRze4Zt oA7FC4cKyizd4HMe5bC1yKnlTyBjf4L+4SwnRvhaSLkFNHBAVM3eK7eaDL4M/y+W mYk1w+q8LYozGNScSDRZd9aqa5UVxhCcnRnkMQmoV+dINWhAzT2BrxKLphsp43yQ abjA8TmYJmfdeMF6xN/kpzIRk+Ro+399md3HmNextJ59lxIanhY= =x9QW -----END PGP SIGNATURE-----