-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 24 Aug 2024 21:29:52 +0200 Source: ghostscript Binary: ghostscript ghostscript-dbgsym ghostscript-x libgs-dev libgs10 libgs10-dbgsym Architecture: armel Version: 10.0.0~dfsg-11+deb12u5 Distribution: bookworm-security Urgency: high Maintainer: arm Build Daemon (arm-ubc-03) Changed-By: Salvatore Bonaccorso Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-x - transitional package for ghostscript libgs-dev - interpreter for the PostScript language and for PDF - Development libgs10 - interpreter for the PostScript language and for PDF - Library Changes: ghostscript (10.0.0~dfsg-11+deb12u5) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * review printing of pointers (CVE-2024-29508) * Fix compiler warning in optimised build * Coverity IDs 414141 & 414145 * Don't allow PDF files with bad Filters to overflow the debug buffer (CVE-2024-29506) * Don't use strlen on passwords (CVE-2024-29509) * Bounds checks when using CIDFont related params (CVE-2024-29507) Checksums-Sha1: 36e6747b09c61d3d5ffde26baa56dd4eda9f04cb 6116 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u5_armel.deb 5b9134961b48b04d1758b81812ab729e32578352 28048 ghostscript-x_10.0.0~dfsg-11+deb12u5_armel.deb 23bb95386c616152745b1b8d4af52459863b0d6d 11853 ghostscript_10.0.0~dfsg-11+deb12u5_armel-buildd.buildinfo 2b4bc5550f3ef1dc06f77868ca7c8e8db9d45dc7 57024 ghostscript_10.0.0~dfsg-11+deb12u5_armel.deb 068efbe28047c8719f967520b26c48f182bb11e4 39560 libgs-dev_10.0.0~dfsg-11+deb12u5_armel.deb e9fef2e9b68c474a8eec5534567a0882f0aab1d6 9356612 libgs10-dbgsym_10.0.0~dfsg-11+deb12u5_armel.deb c0c7d652922a5985fd0a14b4509d5c5878e357e4 2088144 libgs10_10.0.0~dfsg-11+deb12u5_armel.deb Checksums-Sha256: 871920e909c78c755592b791d439bf5d58639a8ae917f74821d3fa422b229e9b 6116 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u5_armel.deb 550d2c4382d9a80ed9a69a9a50ba81a8d02ec838f7ea853dd5efd77aec80f4cb 28048 ghostscript-x_10.0.0~dfsg-11+deb12u5_armel.deb d3902b8cde73637e0ce895417f1ed5ec3ec4f71dac470427ea0d66fe7985220f 11853 ghostscript_10.0.0~dfsg-11+deb12u5_armel-buildd.buildinfo 3646604609cd587cc2c9504dd76ad5bed0708c4efb17963f754c79669f51bebf 57024 ghostscript_10.0.0~dfsg-11+deb12u5_armel.deb 5a52a05c00a93e1b95116342647c3c6fa3797334272c1972384985568093ac81 39560 libgs-dev_10.0.0~dfsg-11+deb12u5_armel.deb 84e1024277f9747056c5bc0ab48f6520b5d730a1d931d1623d35d763d746b005 9356612 libgs10-dbgsym_10.0.0~dfsg-11+deb12u5_armel.deb afa3891dff86649d50bab39029e064a71556ca3c6c802b49d5cce6f39f65426c 2088144 libgs10_10.0.0~dfsg-11+deb12u5_armel.deb Files: 9de488586358974ef7f2d3807a6ebcaf 6116 debug optional ghostscript-dbgsym_10.0.0~dfsg-11+deb12u5_armel.deb 595798eee8097f3ea24243848f7d908b 28048 oldlibs optional ghostscript-x_10.0.0~dfsg-11+deb12u5_armel.deb 7df3bf23cdb18fe52ed3030334306211 11853 text optional ghostscript_10.0.0~dfsg-11+deb12u5_armel-buildd.buildinfo c035b78e9231a51b0b2c987ffff4dd8e 57024 text optional ghostscript_10.0.0~dfsg-11+deb12u5_armel.deb 0fd3f3d507cd4cdee49d00ac094014e6 39560 libdevel optional libgs-dev_10.0.0~dfsg-11+deb12u5_armel.deb d1f4b8065657cedc95b793c43c614c5d 9356612 debug optional libgs10-dbgsym_10.0.0~dfsg-11+deb12u5_armel.deb f1fd96955678f02bd645813ed24bf106 2088144 libs optional libgs10_10.0.0~dfsg-11+deb12u5_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE0+FegZ3qs8CHnZkx+XaKpT5fkBIFAmbLLlAACgkQ+XaKpT5f kBJMCQ//bCJny8q6vp2EpWSgGuT/K25DYvDBDIVCx1fwkCgkjWSmDvua0ePcBg3I XEZyY9wlAxk5fw2yTEINANd2C/KcSjq0VhnACqMUV04cWYi4R2di9MVWYEbva2yt xyWDmhLshIzKVaTVXwuw+oy5YucvRvbpvx/L2bhldAb0vKp05gzQ0aU3bQIgv1fP sbFrAElZYN7fkv86rDdfPDS13i++c5834oaRakcDz7yRUEubr5Pq9ikP9ReGlSHH DOVbo7WF15KO79VomrJduGrHpidPN+0BVsWXjLskpKdHERy2zhZ0mw/kyXENRCi9 ayOckMt4OWRlMifKlA21McFRRFx/dECZOmXyATghay68Pw0TapMS8BtBO3hCpubi zUUSjV8KjYOLMoh8e5jHNWRqEdh+sPd/dUoQttO6tgyRHCfSUa2KeQO4TUhZj12Q o4G3Gt24ZYcLZP0P+MwDPv8vUOgodflAeRkbLKWLcxi083kAh+0PObKDd3J4w/PX yrclRE3+/5M4a2DzHdsCPElblCFvBPLP2YRiwRtT5MhEzNthmKfPbKmyiLNIdPD+ JiLoj0cFjLz1ddxd/AZ+vESEWNgAuB0NJT1/ekf1v29RG/owhTeE3we4gKJ4uydp fa0gtqsjmShz1vX6/A+/FzQ0qV4dF1l5dXuaTj7EGYkHeoC9E9s= =aRc1 -----END PGP SIGNATURE-----