-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 10 Nov 2024 13:20:08 +0100 Source: ghostscript Binary: ghostscript ghostscript-dbgsym ghostscript-x libgs-dev libgs10 libgs10-dbgsym Architecture: arm64 Version: 10.0.0~dfsg-11+deb12u6 Distribution: bookworm-security Urgency: high Maintainer: arm Build Daemon (arm-conova-02) Changed-By: Salvatore Bonaccorso Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-x - transitional package for ghostscript libgs-dev - interpreter for the PostScript language and for PDF - Development libgs10 - interpreter for the PostScript language and for PDF - Library Changes: ghostscript (10.0.0~dfsg-11+deb12u6) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Check for overflow validating format string (CVE-2024-46953) * Fix filenameforall completion cleanup * Don't leave a dangling pointer on the stack * PostScript interpreter - Null dangling references on stack * PostScript interpreter - fix buffer length check (CVE-2024-46956) * PS interpreter review colour code for stack pointers * PS interpreter - check Indexed colour space index (CVE-2024-46955) * PS interpreter - check the type of the Pattern Implementation (CVE-2024-46951) * PDF interpreter - sanitise W array values in Xref streams (CVE-2024-46952) Checksums-Sha1: e01fe094be78d5d551d8d5b3d72c41bc19bc66b1 6040 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u6_arm64.deb edf35e19dc3b619e0eeabdf0e2e3898c03b42ba3 28280 ghostscript-x_10.0.0~dfsg-11+deb12u6_arm64.deb df7408926602e261af9207e6bfebed03c42621b8 12004 ghostscript_10.0.0~dfsg-11+deb12u6_arm64-buildd.buildinfo 6b413240a91f8de571af99aeedc9ee75a8fd0e1b 57552 ghostscript_10.0.0~dfsg-11+deb12u6_arm64.deb 0271bbb171b30db3c73a790ddad34f40c9c75530 39816 libgs-dev_10.0.0~dfsg-11+deb12u6_arm64.deb c97d03c126edeee5d45391a2bde393f59c056c91 9492204 libgs10-dbgsym_10.0.0~dfsg-11+deb12u6_arm64.deb 10947bcbc031a71444af63fa3472a4c9debf0fcd 2257912 libgs10_10.0.0~dfsg-11+deb12u6_arm64.deb Checksums-Sha256: 8d82e5f8cea065cebb06baa107fc589f672cb2cabe4a0fe1ff5069e92c2a5399 6040 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u6_arm64.deb 0716d3277e7be4f378f68da0123e6e6a51328686233c27beff3585409a1858cf 28280 ghostscript-x_10.0.0~dfsg-11+deb12u6_arm64.deb d7db52e6a94c0c5f5441a6d5f469791e4d88d9c4d26a1a9150803e2b44cc9fca 12004 ghostscript_10.0.0~dfsg-11+deb12u6_arm64-buildd.buildinfo c470404ba6840124ec3c73257bf96c1d4ee16dc662df45f0e526e81d83f2c432 57552 ghostscript_10.0.0~dfsg-11+deb12u6_arm64.deb d0fba6a6b4873da50efe430026e5255d3fb82f54755c273eb7e7fe37fad50f8f 39816 libgs-dev_10.0.0~dfsg-11+deb12u6_arm64.deb 227016ff4f09aeb8b61274a4e489904fe2713f136dfccd67b2fbcae4915e1478 9492204 libgs10-dbgsym_10.0.0~dfsg-11+deb12u6_arm64.deb 56dd0be2a62e131d8c6261aed4da0acbf1846940fa17e7f9482872d2d8ebe619 2257912 libgs10_10.0.0~dfsg-11+deb12u6_arm64.deb Files: 6d274847ce7fc614de18223e2364477e 6040 debug optional ghostscript-dbgsym_10.0.0~dfsg-11+deb12u6_arm64.deb 370253cb9f76eca9ab9697b4a5c9ac9d 28280 oldlibs optional ghostscript-x_10.0.0~dfsg-11+deb12u6_arm64.deb fee50d9ef4c0244078c11e2fb409dc0a 12004 text optional ghostscript_10.0.0~dfsg-11+deb12u6_arm64-buildd.buildinfo 1ef66537efc697d9aec4abcf4f5cbd1f 57552 text optional ghostscript_10.0.0~dfsg-11+deb12u6_arm64.deb b2af12eebd5e05f1388032b255f943ea 39816 libdevel optional libgs-dev_10.0.0~dfsg-11+deb12u6_arm64.deb 7a07f7e2fd392679061fda8e7bca6123 9492204 debug optional libgs10-dbgsym_10.0.0~dfsg-11+deb12u6_arm64.deb fc364ded01431b9be5de2c1196c0debf 2257912 libs optional libgs10_10.0.0~dfsg-11+deb12u6_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEKAzExpjGvTI78ZO8LARVyvnD3xkFAmcwrykACgkQLARVyvnD 3xmABA//at0U01HLgViF4WY+DxUcgxUZciPeBMXgmH1qSJ66lEPR7zqEiLfMHA9P tzm+IrVtdx8f8tRsciem/fg5LRxx4wqEwi6DmQmxmAPljyYt1cIgpWe+HYst/UE2 x6J6lRCr8rA1/+FWAlcna8yJNx9AYU7wu7UymlAzlReAqVeTTn1EOL6ZyK8zMAxl y/BANumDbe9QNEoMyvlgD6+fBC35W0KZIF0Ijg+jLvAJDxHAQQL1pV1TGRTLUyqM IW2LpJWi3p4vwFeO6Zphj8V1kvVLuGOhKto11uL9ZWGF9q1TzpPj6/l2rSKDNJxt Qu0jEiWmj8qYG+ye0suMUHyNHtFIuc+R8yNhYYsM1EeICRYH3tMKRXXib1ANNTW1 cOTSc65eD9eE9cGJxxoI0hR2CI1xjkblEb8aJsi//iErtP5GopI/vWC1MfNhSvU3 rUCSWq/EElHZPlZ11y7ULF8bXzNkkxkF3OShiCr4nHWuiX99i4tl7WwQu5DDFPr1 05gpfjP0BLGSrxuOvWajhya5LBsBqNAm+kKV6KaWxfhkPcx4UDTiicWTQZRYeVcu ysik++ImdFoT/74XSRjr1tBv8inTlvsr1ACvnxRSyWwbdyPGQDy9Dx3x7E/EMKuN 9zAdOEa5hylg6Np7rPNohruM8bSh/taks6uF9YfKFOqutFv1tYE= =0uWm -----END PGP SIGNATURE-----