-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 24 Aug 2024 21:29:52 +0200 Source: ghostscript Binary: ghostscript ghostscript-dbgsym ghostscript-x libgs-dev libgs10 libgs10-dbgsym Architecture: i386 Version: 10.0.0~dfsg-11+deb12u5 Distribution: bookworm-security Urgency: high Maintainer: i386 Build Daemon (x86-grnet-01) Changed-By: Salvatore Bonaccorso Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-x - transitional package for ghostscript libgs-dev - interpreter for the PostScript language and for PDF - Development libgs10 - interpreter for the PostScript language and for PDF - Library Changes: ghostscript (10.0.0~dfsg-11+deb12u5) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * review printing of pointers (CVE-2024-29508) * Fix compiler warning in optimised build * Coverity IDs 414141 & 414145 * Don't allow PDF files with bad Filters to overflow the debug buffer (CVE-2024-29506) * Don't use strlen on passwords (CVE-2024-29509) * Bounds checks when using CIDFont related params (CVE-2024-29507) Checksums-Sha1: 75c50f456cd16847b8e678fae6da2489c472d76c 5576 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u5_i386.deb 815b2cc30c766abb0d5fc72e2ef277d117bd2c39 28048 ghostscript-x_10.0.0~dfsg-11+deb12u5_i386.deb 060eb225e2be6e0be39d813c287f6159a382d30f 11984 ghostscript_10.0.0~dfsg-11+deb12u5_i386-buildd.buildinfo ed09b106974c335c3c4e18b48dd1226187d63fc2 57276 ghostscript_10.0.0~dfsg-11+deb12u5_i386.deb 94fa71d7d0509135955a401c188e4312a98a5a4e 39580 libgs-dev_10.0.0~dfsg-11+deb12u5_i386.deb 92a1c1072942e8dd796073fd475d737d88efecbb 8705476 libgs10-dbgsym_10.0.0~dfsg-11+deb12u5_i386.deb c979b85b79033c3aba78370ad5d64639ebf2c2ab 2606784 libgs10_10.0.0~dfsg-11+deb12u5_i386.deb Checksums-Sha256: 443d290cc2b7408ad9e485ea3d23084d9ead9b5818dbaa2dfc4bd1b32ac245b4 5576 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u5_i386.deb 2c63b50e769bfb263c9c602031eb8ded564a5dadaeca976d1b99d5b2c242c93a 28048 ghostscript-x_10.0.0~dfsg-11+deb12u5_i386.deb e14aa206c59ef705c2691a27733b9ff80f40212c2da3028ff327fcf4af894816 11984 ghostscript_10.0.0~dfsg-11+deb12u5_i386-buildd.buildinfo 16d96202be6e659c0653b8be6c3aa073759a2cf7a2fc277ac6e41dc62e0287ce 57276 ghostscript_10.0.0~dfsg-11+deb12u5_i386.deb b20d1b7a162606781c061b44361c8e9da8ec1e15e3fb3b0b284e9e127b46ad3a 39580 libgs-dev_10.0.0~dfsg-11+deb12u5_i386.deb 51f0a083fa7154bee595b012f6728be9cb98af48368bb50b28d601a714979c37 8705476 libgs10-dbgsym_10.0.0~dfsg-11+deb12u5_i386.deb 78accde3f47166ba4fcde45219ba647422be40e24217b7caa48795c9d85ba9d3 2606784 libgs10_10.0.0~dfsg-11+deb12u5_i386.deb Files: b836a602a85dc38004037bd8792e3f99 5576 debug optional ghostscript-dbgsym_10.0.0~dfsg-11+deb12u5_i386.deb aae8c681d23acdbcbd801785d659e52c 28048 oldlibs optional ghostscript-x_10.0.0~dfsg-11+deb12u5_i386.deb 86ee9f78a89d16e70c397f179c3c2f1a 11984 text optional ghostscript_10.0.0~dfsg-11+deb12u5_i386-buildd.buildinfo 37a2e236d6ff52e49b891687486c5cd6 57276 text optional ghostscript_10.0.0~dfsg-11+deb12u5_i386.deb 50b7cf7dd58541086f1db434435a25be 39580 libdevel optional libgs-dev_10.0.0~dfsg-11+deb12u5_i386.deb c6fb81066f2c13dfda3053778e985113 8705476 debug optional libgs10-dbgsym_10.0.0~dfsg-11+deb12u5_i386.deb 9dd9263ad92e413f3f26f6601a6553b0 2606784 libs optional libgs10_10.0.0~dfsg-11+deb12u5_i386.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEyTfXx8sBpQ0Lh3cUU9a0/LcaTpMFAmbLLGQACgkQU9a0/Lca TpNtyg//e1ZQ01Apt+hqpWN+ysb32IxvbrmSCYdEY6qkbhUBpK6Zdyngim37zRIZ eUjb9n7hrWnFIHDs5EIvNBqqt1YM6+zRUMXsZ3q+p589cvITLVfRHhpGJa3hgnnt FsJ/tUUNHTZVE34tW5Peqg42J9NZFlbtRfthyTFyYEj2SAqXtpqv71Mw4iHAV5Jx 8rjDMsT0DNp7ZI9/BxW7jqtGi+0DcAfEJ7w4cQlvCbKVqP8t+FtLvMupUzfFqLoD Tz4OJrUS6ZlsI+FESa/KdzgWajWBuOkLG8qPxwji/MRqT6YwNyYRh4U2uuIwSxqm /36LlrAL3pHmseYBtEWkiQcL08wpiF2KfRR/vgvQD7JV2av417jFjBtcIwq8kSQo pYM1h9s1ycCX+KhbDBeCyZnIgk7fzDezSCE3Im/2Ivt6FmOO87ObVkegh+Sn6v01 9bJ953az6KxYeYjoKcP1RpIfKytSjSTDkDgqvmHJievdPEP2JxW0358UwCcWtfaY q8wEqMYFk998DhVKvjah4B5C9dHcZbujV0Aq6HZv3qw29YE9P0AbJ9zzsoPnJpAY VFudGb0IxvZAQtwiuAKwMcb4HAEtbOVq1VzhWMVaQE/zlLNMk66Sv7eWMbllIxT3 09U5W5QmA3OEjc5M/56kaLZvH00MNB08Zq/CnJZjQPVlGCVdgWA= =L0XR -----END PGP SIGNATURE-----