-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 10 Nov 2024 13:20:08 +0100 Source: ghostscript Binary: ghostscript ghostscript-dbgsym ghostscript-x libgs-dev libgs10 libgs10-dbgsym Architecture: armhf Version: 10.0.0~dfsg-11+deb12u6 Distribution: bookworm-security Urgency: high Maintainer: arm Build Daemon (arm-ubc-02) Changed-By: Salvatore Bonaccorso Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-x - transitional package for ghostscript libgs-dev - interpreter for the PostScript language and for PDF - Development libgs10 - interpreter for the PostScript language and for PDF - Library Changes: ghostscript (10.0.0~dfsg-11+deb12u6) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Check for overflow validating format string (CVE-2024-46953) * Fix filenameforall completion cleanup * Don't leave a dangling pointer on the stack * PostScript interpreter - Null dangling references on stack * PostScript interpreter - fix buffer length check (CVE-2024-46956) * PS interpreter review colour code for stack pointers * PS interpreter - check Indexed colour space index (CVE-2024-46955) * PS interpreter - check the type of the Pattern Implementation (CVE-2024-46951) * PDF interpreter - sanitise W array values in Xref streams (CVE-2024-46952) Checksums-Sha1: 06ea2361104df164a7e151834fc897db217d2360 6184 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u6_armhf.deb 54de05f12e7bbd726ace6145c84a6636430befa9 28280 ghostscript-x_10.0.0~dfsg-11+deb12u6_armhf.deb 9a9da6cd47f7f128ca90fd67f56f22ba164f895c 11880 ghostscript_10.0.0~dfsg-11+deb12u6_armhf-buildd.buildinfo decab2159400419050d6d7440997944f617c823b 57216 ghostscript_10.0.0~dfsg-11+deb12u6_armhf.deb 6aed5e934d43acd87a75aa6529753a487a13c551 39812 libgs-dev_10.0.0~dfsg-11+deb12u6_armhf.deb ded61e51e6894440b45e200b28440087edc281dd 9438900 libgs10-dbgsym_10.0.0~dfsg-11+deb12u6_armhf.deb 384914bfceed5d30865f3f47b3fb46aa88040a99 2101520 libgs10_10.0.0~dfsg-11+deb12u6_armhf.deb Checksums-Sha256: 14ca7b01bb4d9d295b21fd87feacea5ca76e88130b8117f9d76e8010e962ab06 6184 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u6_armhf.deb c442c7fc9611ad7bdb26022e17005d66cc31d8961fc0976d8dd47e4e70a94cfb 28280 ghostscript-x_10.0.0~dfsg-11+deb12u6_armhf.deb 61688611dccaafee3cd51d939aa56a9c79081426d4369d990b0c44c7edda241f 11880 ghostscript_10.0.0~dfsg-11+deb12u6_armhf-buildd.buildinfo cfc8263f777014b0f8d26bd2c82cd912dc47b8dffab33df15f48bdcf925b62fa 57216 ghostscript_10.0.0~dfsg-11+deb12u6_armhf.deb 4964e901b2038e4fecebe188b11f784bb936e7ca3134a44a02405a36bc1fa21b 39812 libgs-dev_10.0.0~dfsg-11+deb12u6_armhf.deb a340d0da4fe91a6ec3dfaaa797556a58a00518df2ef67cde3f5ebfdcacaf107f 9438900 libgs10-dbgsym_10.0.0~dfsg-11+deb12u6_armhf.deb d9d58977d518e60af8dc08713a5e8130769553c5fe42570b454b73cfe83ce79a 2101520 libgs10_10.0.0~dfsg-11+deb12u6_armhf.deb Files: 527ef5d2a797ca19126e6bcbda3dd6a4 6184 debug optional ghostscript-dbgsym_10.0.0~dfsg-11+deb12u6_armhf.deb 1ed61ac6e5451618dc9bef97bf79fd2b 28280 oldlibs optional ghostscript-x_10.0.0~dfsg-11+deb12u6_armhf.deb 34667b90b293df24b194794c985a73af 11880 text optional ghostscript_10.0.0~dfsg-11+deb12u6_armhf-buildd.buildinfo 378e42d29435b02d4e37f188dd39635b 57216 text optional ghostscript_10.0.0~dfsg-11+deb12u6_armhf.deb 20437485d9852154702c9b36355dc593 39812 libdevel optional libgs-dev_10.0.0~dfsg-11+deb12u6_armhf.deb d18acac63174b36be19c41e5ae98a3a7 9438900 debug optional libgs10-dbgsym_10.0.0~dfsg-11+deb12u6_armhf.deb eb858b2bfd685a366afd27d0a829e390 2101520 libs optional libgs10_10.0.0~dfsg-11+deb12u6_armhf.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE9C4sZYDxwNo9XoUDaRWK3AIe28EFAmcwsWkACgkQaRWK3AIe 28FwvA/8D0m+qzjr7SmO/qNdZv73VHJPRLIcjOhtJ1IDnKKOsEDTHUFXQr8tQJTT XqCXgOPKW8ZeBdYhO21apfgUxoiCtH3DZDK+Atp7sSVGyKpU5dQCrqdu8beebRa1 xpBfED1skxyuuk7TbLu/MYVzOgOUl7VFe8ygyVh3fJcKlNkaL/Vx7aPZH9hqURAi Nwku4dlZXpU4xX2iozg9CsAVzryM7xJ9FrBYSsabgsKuo7MgHfYHokyex5vlugAk lHyHeKO9Ofjt9SovGNkZDPa10kZzs0u6u7tcXNadXb43yTBCeNYXEI0iOof7AkDa 8NuV4Wh1eTL41BY+wqlpkQ5Sy4f/3TDkUAiCZ6M3h98PC+c71imCS1AsyWai9BQR 0zJjwXX9EL/j/laNG05ILbqpl15vP5lrHO3713+1FUSySiyrkQwf0KB75WjLJKzx frfm6hUgBNK5FNAfzy9iYvL1XF/2U3H7MOpWlcHJ6pi3E63AmPaFKvMZ4bms3eJI HODrJUWsDFqTiI7uvX64tIiCz+4OA0HY5PdgIiX30Xzr75TfB1PwD7mz+1kO0F/i JIgZImDrW6w/KJsIDxNyZkFitUExvvkMy2MaxrezN0GfutAwfv+T2PeqXzYvkpcS YIcEDy+RA1R7rl5Xa5zkodngKmvMBdfUWMPk3rtPwGi6kWskQRA= =46iq -----END PGP SIGNATURE-----