-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 24 Aug 2024 21:29:52 +0200 Source: ghostscript Binary: ghostscript ghostscript-dbgsym ghostscript-x libgs-dev libgs10 libgs10-dbgsym Architecture: arm64 Version: 10.0.0~dfsg-11+deb12u5 Distribution: bookworm-security Urgency: high Maintainer: arm Build Daemon (arm-ubc-02) Changed-By: Salvatore Bonaccorso Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-x - transitional package for ghostscript libgs-dev - interpreter for the PostScript language and for PDF - Development libgs10 - interpreter for the PostScript language and for PDF - Library Changes: ghostscript (10.0.0~dfsg-11+deb12u5) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * review printing of pointers (CVE-2024-29508) * Fix compiler warning in optimised build * Coverity IDs 414141 & 414145 * Don't allow PDF files with bad Filters to overflow the debug buffer (CVE-2024-29506) * Don't use strlen on passwords (CVE-2024-29509) * Bounds checks when using CIDFont related params (CVE-2024-29507) Checksums-Sha1: 2d7c9daa867d99f8de33336e1c4122f1ed96aa12 6032 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u5_arm64.deb 7648b27f97b2f3b65e7677123bcc1e260311d77c 28048 ghostscript-x_10.0.0~dfsg-11+deb12u5_arm64.deb 780fcaa5f67b8de004684f09a49839a766baab3b 11979 ghostscript_10.0.0~dfsg-11+deb12u5_arm64-buildd.buildinfo b3ad46c70783b8db5a412f00c39f117ca80cbbab 57336 ghostscript_10.0.0~dfsg-11+deb12u5_arm64.deb c3a470401bd6f597ce203cec2247c1cfe735bd67 39560 libgs-dev_10.0.0~dfsg-11+deb12u5_arm64.deb fd41766b8a74ab4ab3972c3b47f747d005d5a049 9492036 libgs10-dbgsym_10.0.0~dfsg-11+deb12u5_arm64.deb b9facceb25934ce758c08a8072eda14c99daa37e 2253216 libgs10_10.0.0~dfsg-11+deb12u5_arm64.deb Checksums-Sha256: e1a58f2ab9fba793a74194c33d63cd7d3989cf0b75a87fa489c3bc6123a199b9 6032 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u5_arm64.deb 338c96ab77ce9a565b8dad570efdda71be05e51d953beb1f37a39b2530705068 28048 ghostscript-x_10.0.0~dfsg-11+deb12u5_arm64.deb ea8e8ec11df3ae4c87e87f9cdcfdd1d86304889c19872a5e16022afdd6193faf 11979 ghostscript_10.0.0~dfsg-11+deb12u5_arm64-buildd.buildinfo 3c9ef2c17bf959d408e1104573a2a4d97490d965c6973a4f729df59d0c462426 57336 ghostscript_10.0.0~dfsg-11+deb12u5_arm64.deb 12384d257b21036fcb38edb0a73581347b8641b092da752d0e252ad4ec058a07 39560 libgs-dev_10.0.0~dfsg-11+deb12u5_arm64.deb b67e43d5131ab8516c14fb52ce8ce5fe4b244870990091c42d8a3bb14cbf3d82 9492036 libgs10-dbgsym_10.0.0~dfsg-11+deb12u5_arm64.deb 8b3e60594fd693f39cb0be222b5d396b15c6634a5a4d63d8706d38a2207d2cea 2253216 libgs10_10.0.0~dfsg-11+deb12u5_arm64.deb Files: e408571543712c34e7dd34cce1659dfb 6032 debug optional ghostscript-dbgsym_10.0.0~dfsg-11+deb12u5_arm64.deb 04d3c36806476820fffc4a3c500ab476 28048 oldlibs optional ghostscript-x_10.0.0~dfsg-11+deb12u5_arm64.deb 17f5d9b255b222739ae2c354d04e544a 11979 text optional ghostscript_10.0.0~dfsg-11+deb12u5_arm64-buildd.buildinfo b18a34abec194619463e3f96c7b08a9c 57336 text optional ghostscript_10.0.0~dfsg-11+deb12u5_arm64.deb 22f77855297c10ef0b867a9a1995e57e 39560 libdevel optional libgs-dev_10.0.0~dfsg-11+deb12u5_arm64.deb a3a0cb350ab809f274341a633bba2623 9492036 debug optional libgs10-dbgsym_10.0.0~dfsg-11+deb12u5_arm64.deb 21b2a410b376f22cb91cfb97b5d7ef5f 2253216 libs optional libgs10_10.0.0~dfsg-11+deb12u5_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE9C4sZYDxwNo9XoUDaRWK3AIe28EFAmbLLjIACgkQaRWK3AIe 28Gk/w//XTmAHCp+PPphfmMZ/OaXQJHhuVXe6ypsYb21pYGmpVNNmqJzDU/Q7V4C vB6A8BPt8Jhh6Sv9MWeBnpzpTB+IME4QVbbiAcURviOrgpDymJq3vfamPwbat4uO XCTsmQmT9LvAIrJizdw8HB5spLAf3+KRCZhzRvmgT9Ne0pzJm834DlP0f1+haooh GiHXKdCVIooNgazVa5CXA0BvRtxDdrxvdBeR1w/jLJCjR3VrlrMbivnTAIWRYuvB hLFffPyPDTuB07UlBhfERu06pPTmiJGPYsrQhTyGgWJHbCmjGXRYGIAziLXn5PMm ErOBuyUDS3GIdmgCCjtQ78vpHCefYx3YrxZPob8LAonzb01oquo17ieDPjTOybLU KAngicL37yO2DnzOmenoa3S63mh7BMU3V34oeu41BKX8OaAlNbEeKvamW6jnJ/cW v5/pAZwIsA8wxypWNZoQzT21U+G1gopPtwErvNL2ZguDFYu92PjKd8MjQ4N+qiAh rD06ZmZ9nrWRNZ6mRpDf207rmVzdRU709lq4neCDeB4kO6+DYwrh9lxFn9g8OM9u tsVgG2JPzzf0IDkzwMXv0wV0msV0WnY2tqBjnFze0jbrm9y10fxw+kuQFs8DaF0w Jf3wnxtR4Ct8qUU5Zm59x0d3LnW7onHP7jr9pLF+uJ/wJcIGNl8= =bMNg -----END PGP SIGNATURE-----