-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sat, 24 Aug 2024 21:29:52 +0200 Source: ghostscript Binary: ghostscript ghostscript-dbgsym ghostscript-x libgs-dev libgs10 libgs10-dbgsym Architecture: s390x Version: 10.0.0~dfsg-11+deb12u5 Distribution: bookworm-security Urgency: high Maintainer: s390x Build Daemon (zani) Changed-By: Salvatore Bonaccorso Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-x - transitional package for ghostscript libgs-dev - interpreter for the PostScript language and for PDF - Development libgs10 - interpreter for the PostScript language and for PDF - Library Changes: ghostscript (10.0.0~dfsg-11+deb12u5) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * review printing of pointers (CVE-2024-29508) * Fix compiler warning in optimised build * Coverity IDs 414141 & 414145 * Don't allow PDF files with bad Filters to overflow the debug buffer (CVE-2024-29506) * Don't use strlen on passwords (CVE-2024-29509) * Bounds checks when using CIDFont related params (CVE-2024-29507) Checksums-Sha1: 8f450de1bd66afe0be1126b7662d29f0690abfc5 5728 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u5_s390x.deb 7a8820e4ab902c39c7c0beef80dd8a8771b4ca67 28048 ghostscript-x_10.0.0~dfsg-11+deb12u5_s390x.deb 83fbed240a8763887cba7c283220323122a2189f 11836 ghostscript_10.0.0~dfsg-11+deb12u5_s390x-buildd.buildinfo 61b73f0fa8a7659a40a2501e9d28d76701d5ca79 57140 ghostscript_10.0.0~dfsg-11+deb12u5_s390x.deb 0c8d7405b88f00ce19223fcf2340bc92e0f4202f 39576 libgs-dev_10.0.0~dfsg-11+deb12u5_s390x.deb d1766eaa31fca25e7c48aec67ab9f0a575043715 9597572 libgs10-dbgsym_10.0.0~dfsg-11+deb12u5_s390x.deb b3730d34a19c1e142ec268013a01e4312a35071d 2253504 libgs10_10.0.0~dfsg-11+deb12u5_s390x.deb Checksums-Sha256: 20801c3ba78ba2feb507081779000baa487014decd1a92a255f80687665e09d1 5728 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u5_s390x.deb 57394a6044d35d4d93b5f48e9d2ed9e4aefb6b337f9edab028ba8addcd9d4c95 28048 ghostscript-x_10.0.0~dfsg-11+deb12u5_s390x.deb ea66922a472ccb6919ce461dcb06d9d0f7618a648f1abd5900b5a8a4b27cad26 11836 ghostscript_10.0.0~dfsg-11+deb12u5_s390x-buildd.buildinfo ef6e2190f5a56554cfb9219034d0b346657a599d84083b1c17a4ff1a41f3ef91 57140 ghostscript_10.0.0~dfsg-11+deb12u5_s390x.deb 190ae3c8dea63f177e63e92c2b466ca5d0c4b6ff997ae563296ca5527604416d 39576 libgs-dev_10.0.0~dfsg-11+deb12u5_s390x.deb c78aa2e2188ee09994065c7c0de51c3a9c867f0870060f63547c631ef08cdceb 9597572 libgs10-dbgsym_10.0.0~dfsg-11+deb12u5_s390x.deb 6bf3a876ab678824e263388763bb6d1713b1044f764dd8dd91089e51366aaca5 2253504 libgs10_10.0.0~dfsg-11+deb12u5_s390x.deb Files: 4ba9f6ff75a2f74c31f8630e17e96d85 5728 debug optional ghostscript-dbgsym_10.0.0~dfsg-11+deb12u5_s390x.deb b1469939419032856bcaece54304b967 28048 oldlibs optional ghostscript-x_10.0.0~dfsg-11+deb12u5_s390x.deb 9a841d1b4cfe85c0613cbc8ae045aa3b 11836 text optional ghostscript_10.0.0~dfsg-11+deb12u5_s390x-buildd.buildinfo 23ee5ac1a217b244aaf809b3a4b016b7 57140 text optional ghostscript_10.0.0~dfsg-11+deb12u5_s390x.deb d66effbddcb1dc211276dd22f859b541 39576 libdevel optional libgs-dev_10.0.0~dfsg-11+deb12u5_s390x.deb 62d2da7eecda0e3f60c7e27683425082 9597572 debug optional libgs10-dbgsym_10.0.0~dfsg-11+deb12u5_s390x.deb 5db8e8521bc9e4f284bd65b76fc8a273 2253504 libs optional libgs10_10.0.0~dfsg-11+deb12u5_s390x.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEZTC4/c20pi1/n7UBUhVQ83ojQ7QFAmbLK3UACgkQUhVQ83oj Q7S6BxAAhNVidu5NgokvgagH+VTw7bMSxeESgzIuN5hf7e7tix/CCstPWOKGHkp6 0Wz4lKBK9ZefPKlGKaUYc3R/guIMuxLx6PmCZwdRmwR9p1g7YmEgqAb3ndmgQxG0 Qrb3W4Oc1eEMJB7YuvNH5Cf/gowg5bDf5TdnZFPvhlP5+v5f3tSjnWb0S2jmdfnU OujaY+jai9saObOkru/3fByCLowzbPHoudt7yFJs/t4qH+dZtq1yqrSs1ulxPs4a Uf1hVWxp7FVTAgc80++7fvOwNuW28Zl/9uHej15Yj21wu06duRQ7ZDZtwofiz/Wx 80oHFAHBXweLqjAKZGLH8yoQeoZ7XEcB7ArQJ88K2QpySbzPbhltMvADbeMH8KFg inLnnSGPQ0YIsfVYcbdXsqn3moQN86wrgGzJ8ARuAxWzy9ccGjqy0WzPTxo40tMA 03Jc77ERH0AqFX6OC0f2wD4sDCDnrPHbrYxi3ghFklVV+6dD5xy/1aRng3rj++LV 3ydZbfIZl1ofsdW7/Lxv5saroN2IUQTov9skaERzeVmMqJwMcqYNDIDTL44vGjqL ilM4TG+yumc5JYZS/Yay7tBeEnNmc1Av9a5YFGPumF0DsgbPVx4OSZC7tJKnYRZ4 dOF4AbrRjcGx3bztn+8OfCESPVwcfyst04bs9O6nBm8cYucGANY= =5Mb1 -----END PGP SIGNATURE-----