-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 10 Nov 2024 13:20:08 +0100 Source: ghostscript Binary: ghostscript ghostscript-dbgsym ghostscript-x libgs-dev libgs10 libgs10-dbgsym Architecture: mips64el Version: 10.0.0~dfsg-11+deb12u6 Distribution: bookworm-security Urgency: high Maintainer: mipsel Build Daemon (mipsel-conova-01) Changed-By: Salvatore Bonaccorso Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-x - transitional package for ghostscript libgs-dev - interpreter for the PostScript language and for PDF - Development libgs10 - interpreter for the PostScript language and for PDF - Library Changes: ghostscript (10.0.0~dfsg-11+deb12u6) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Check for overflow validating format string (CVE-2024-46953) * Fix filenameforall completion cleanup * Don't leave a dangling pointer on the stack * PostScript interpreter - Null dangling references on stack * PostScript interpreter - fix buffer length check (CVE-2024-46956) * PS interpreter review colour code for stack pointers * PS interpreter - check Indexed colour space index (CVE-2024-46955) * PS interpreter - check the type of the Pattern Implementation (CVE-2024-46951) * PDF interpreter - sanitise W array values in Xref streams (CVE-2024-46952) Checksums-Sha1: 7b68a5ec7cf1db7f08481d0c5fe3389e90ed3fbf 6256 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u6_mips64el.deb 76eeaafd19fd2653312b5c90c8dda7523c268c8d 28284 ghostscript-x_10.0.0~dfsg-11+deb12u6_mips64el.deb 7fea1df97143ca32cb52669121bda5b037acc087 11893 ghostscript_10.0.0~dfsg-11+deb12u6_mips64el-buildd.buildinfo a54abcf530ae9dcf712d1b4b452d77c671b567f0 57632 ghostscript_10.0.0~dfsg-11+deb12u6_mips64el.deb cde1815feb6f5885fa0f6346c9b2b04ec190632f 39832 libgs-dev_10.0.0~dfsg-11+deb12u6_mips64el.deb 1751f0230f600cbad12d62a28ece3d6c8baee37e 9854848 libgs10-dbgsym_10.0.0~dfsg-11+deb12u6_mips64el.deb 3d59fae37ff4861d87a1922167d068da0546d0c2 2223700 libgs10_10.0.0~dfsg-11+deb12u6_mips64el.deb Checksums-Sha256: a1922d7e2a4afa232d06a5c466189d165520e89ec33b2339058dbcd7ac601839 6256 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u6_mips64el.deb 4166911caf3045a75675a319cc6d3a8056480be19a38226a4e372fd60578e5a3 28284 ghostscript-x_10.0.0~dfsg-11+deb12u6_mips64el.deb 023e9c41daac9f383225426ec5b39b9779417e52e38998a36b9804c4172b5fa5 11893 ghostscript_10.0.0~dfsg-11+deb12u6_mips64el-buildd.buildinfo fd3f9e6ff18dc609711ac49344e22c1933da4315b146bec06f2b40c8833531bb 57632 ghostscript_10.0.0~dfsg-11+deb12u6_mips64el.deb 5f9db682a0c00a37b6e17392ef3b27b583d74a9f76b1a1de0fcf76d0313f87fb 39832 libgs-dev_10.0.0~dfsg-11+deb12u6_mips64el.deb e7af9ea50e8b4cba27cc8f8aa6683e357fd73ec3b67d8178791e0b7fbf538767 9854848 libgs10-dbgsym_10.0.0~dfsg-11+deb12u6_mips64el.deb 0975194f7f7e25a4c4805e6054179c879c469fb195b4c425fa9d76f03cd02dee 2223700 libgs10_10.0.0~dfsg-11+deb12u6_mips64el.deb Files: d536f65fbea2ccdeaf2b164cdf3b691e 6256 debug optional ghostscript-dbgsym_10.0.0~dfsg-11+deb12u6_mips64el.deb 0134227137a5d9f0d86a912eedcf8337 28284 oldlibs optional ghostscript-x_10.0.0~dfsg-11+deb12u6_mips64el.deb 248764298bd9acffaa9d281e308f2a15 11893 text optional ghostscript_10.0.0~dfsg-11+deb12u6_mips64el-buildd.buildinfo e55b9a3d4607bf7aa2746c9fc2695f15 57632 text optional ghostscript_10.0.0~dfsg-11+deb12u6_mips64el.deb ac46e5342b6ea012e01758aba279adcd 39832 libdevel optional libgs-dev_10.0.0~dfsg-11+deb12u6_mips64el.deb 0777f4c3196f406e731a9be0fb029ee5 9854848 debug optional libgs10-dbgsym_10.0.0~dfsg-11+deb12u6_mips64el.deb 2507d62a00f44d4aed2d5b40d766f5c4 2223700 libs optional libgs10_10.0.0~dfsg-11+deb12u6_mips64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE4XsUwTzVnrRXCi24kDKf1aRLtZgFAmcwtDsACgkQkDKf1aRL tZhwyhAApkp2sEUxoV/toiR/D77GgBU08yk0EZy53qZI+W6CoPvSMYdwDOvLu8Dc xLl6ZcGbcY146ttmY5xGhmYmSQgYk4LgEwpccL6cpCQ2f85lAlIx6mr/C9RAWcg0 Xafkko4EOawdxf8zi37D1fGzPJX3c4R7ZrYsF4QcMIm7NomrXoe8dcXBtnfzdSU4 JW1bmx2mNdkZma6QeGXMlbTzYjB2a03vBJhr5oSnvKksBcIH7kWakgf0SrP/hk4k +5rqv8K3KstZaLBR8uBc3urbWg3/A8EnRw7vWI0i7472aOiVKyLeFpce5LY7QBXv YFooo+dDS5caCCEE4kMVlfpOu8WTRGmIwxUtFAJsHJjWWd7TgGMy523hhVOa6C1i Tiu7uaA2xtgEpgh/yoXv/kMYDeZ6GE4GRdcHNmDNWEmIxpGoAFxY40soRg0ODqOt OIYEeakdGa32F0d7N0LjiHvBEWRKFmapSx6fc+8iW2s1ZwROX1x8K1pSpuqgZPmj sPZVm4iKS/sliBFe+4lezbSt3aucj29aVt/DQJMHOIzSmBYL6/9Bl50YJsdQcErZ h+eTWDf5O4RvvlSd6ciMtgjHPRnM6WsadllCV8cWV/ya7+XSDY94hTg1lX/sv8Ce bC0FtbuH2Jv3WGpBUV+vjSybiJTGtjqqwQhwFSd7RupyrF0+dfk= =wmXv -----END PGP SIGNATURE-----