-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 24 Aug 2024 21:29:52 +0200 Source: ghostscript Binary: ghostscript ghostscript-dbgsym ghostscript-x libgs-dev libgs10 libgs10-dbgsym Architecture: amd64 Version: 10.0.0~dfsg-11+deb12u5 Distribution: bookworm-security Urgency: high Maintainer: amd64 Build Daemon (x86-grnet-03) Changed-By: Salvatore Bonaccorso Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-x - transitional package for ghostscript libgs-dev - interpreter for the PostScript language and for PDF - Development libgs10 - interpreter for the PostScript language and for PDF - Library Changes: ghostscript (10.0.0~dfsg-11+deb12u5) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * review printing of pointers (CVE-2024-29508) * Fix compiler warning in optimised build * Coverity IDs 414141 & 414145 * Don't allow PDF files with bad Filters to overflow the debug buffer (CVE-2024-29506) * Don't use strlen on passwords (CVE-2024-29509) * Bounds checks when using CIDFont related params (CVE-2024-29507) Checksums-Sha1: e1343fa1fa760cf395c113ca05d44d68323f459e 5876 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u5_amd64.deb 06e4c545dced2734e425c8ea28799a0b7dd7fb79 28048 ghostscript-x_10.0.0~dfsg-11+deb12u5_amd64.deb 2e70f9d7a1da8ff37442eea76ec8db66a36100cf 12040 ghostscript_10.0.0~dfsg-11+deb12u5_amd64-buildd.buildinfo abc0cf3879aa7f66b0be32a9feed6c56f9aa81d3 57204 ghostscript_10.0.0~dfsg-11+deb12u5_amd64.deb 924eee9a06dd2ada9f47275dce27aa91ab01fa24 39576 libgs-dev_10.0.0~dfsg-11+deb12u5_amd64.deb 2c585510c923e711b57409901a5ffeafdc81f8ab 9704588 libgs10-dbgsym_10.0.0~dfsg-11+deb12u5_amd64.deb 9743c28e23d146c93817fa541825499bfc8ec1ba 2467532 libgs10_10.0.0~dfsg-11+deb12u5_amd64.deb Checksums-Sha256: 9e2da051365de0d6d4578235f09e80f96ca0a035b9d8b1080eb82c2b5ccca1ec 5876 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u5_amd64.deb b43c4c4d02f77a802bdd9664f7cc5671d17df521f595b98bcb1988501b93c8fa 28048 ghostscript-x_10.0.0~dfsg-11+deb12u5_amd64.deb 3f2cf46d8d31c82dd0b17556cd1dae2749fb655ce3b15efee71da550851b7b71 12040 ghostscript_10.0.0~dfsg-11+deb12u5_amd64-buildd.buildinfo 66186c58d8361018e483878dceaea7eb5493fa605712e6925f75cdc7fe1af66b 57204 ghostscript_10.0.0~dfsg-11+deb12u5_amd64.deb 70284cfd80bc3377eafce9aab0c047bf1dc1c5ec416836c29c65d15747eef876 39576 libgs-dev_10.0.0~dfsg-11+deb12u5_amd64.deb 74bbddea2116abf8369739050e14415e7eb4fa7aefea7a9fa5a6ea33297e9d45 9704588 libgs10-dbgsym_10.0.0~dfsg-11+deb12u5_amd64.deb d71e64e9d61a364f4ddb761a6a4c812e18f187d9ed14aacc69012c1a1ea286d4 2467532 libgs10_10.0.0~dfsg-11+deb12u5_amd64.deb Files: 2c0675785497ee885fabd3b94e859bf5 5876 debug optional ghostscript-dbgsym_10.0.0~dfsg-11+deb12u5_amd64.deb 709421f92bfd9e214ccf7c7289be2c13 28048 oldlibs optional ghostscript-x_10.0.0~dfsg-11+deb12u5_amd64.deb ba7940ee2a79ba5ed8f4c2ee845bed1c 12040 text optional ghostscript_10.0.0~dfsg-11+deb12u5_amd64-buildd.buildinfo 2b2ff8c7d45bca72a739ccc130ccdcf2 57204 text optional ghostscript_10.0.0~dfsg-11+deb12u5_amd64.deb d940240a78bfdabbfd9bb379e5a25b0f 39576 libdevel optional libgs-dev_10.0.0~dfsg-11+deb12u5_amd64.deb 4bad8040cf26b2754c0b437db9c80bee 9704588 debug optional libgs10-dbgsym_10.0.0~dfsg-11+deb12u5_amd64.deb 63c18a6db009a961a3baafc75fffa590 2467532 libs optional libgs10_10.0.0~dfsg-11+deb12u5_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEe8x49oT2k+seQstpgDm7h4zfCpIFAmbLLFkACgkQgDm7h4zf CpIZmw//dCIWf6I19v9yc9HeUnYERHSetfL78XRFOzE+Un/oXqU47H3F/iDlAXdy 9ojZfkMWGFdADKCTd8nBF98dWgflw+vCOGGNoM2GadFZb4ostpRa9FCiU1aVorSx 58uakW4U1enimc+aNihmnefIc5EaKF7uJrJTrKrhlGCfNpcRuegjZ7ZuXZui/RcJ I+8c3c89of0RYzVihLdJGf8NJT6W3YlgfRbE+t1Bf15Z3bqTHf2qBi8Z424eOoMf yNUEpDlpw9RlugyiOey6CFMMTR11MUXU4Gf0nP6QBbF1fBRyugN49ZbB7g9gj7/n kIqqGqwLs/0xlqIrC5tbXu6GiwPrSaRvmDV2qpYZ7r6PXmwSrCOBGFVPWUXLh5/g dQFvWLYfcoWb3kURSiskyHFBVBtsUjOIVldQ0mTwq9Z3vRNI6l/lqXoKMnCVJae+ MoTfj9TOMZ6tllfGXGyHAqEx4pOkkH/e3dipZXiy7XPOToHNVC5VDTxdcf6DwRJ0 w68pb279R57H86I4+ren7Ycpew+eb4o7cA8Tc52Wfyyea7lYCL75qMcni+DO3Ol4 hrySdxS/mf/fI/Dd49CLNYji2ehgpJH6gKZxVK3pRK4d/+d20gruQjaUUUqm/QUw lcG6w6+ypfv7vpxHLGEPr2oQn3NDInZt/FvCVhJD3bTNVouZZEc= =c85B -----END PGP SIGNATURE-----