-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 10 Nov 2024 13:20:08 +0100 Source: ghostscript Binary: ghostscript-doc libgs-common libgs10-common libgs9-common Architecture: all Version: 10.0.0~dfsg-11+deb12u6 Distribution: bookworm-security Urgency: high Maintainer: all / amd64 / i386 Build Daemon (x86-grnet-03) Changed-By: Salvatore Bonaccorso Description: ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati libgs-common - interpreter for the PostScript language and for PDF - ICC profile libgs10-common - interpreter for the PostScript language and for PDF - common file libgs9-common - transitional package for libgs-common Changes: ghostscript (10.0.0~dfsg-11+deb12u6) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Check for overflow validating format string (CVE-2024-46953) * Fix filenameforall completion cleanup * Don't leave a dangling pointer on the stack * PostScript interpreter - Null dangling references on stack * PostScript interpreter - fix buffer length check (CVE-2024-46956) * PS interpreter review colour code for stack pointers * PS interpreter - check Indexed colour space index (CVE-2024-46955) * PS interpreter - check the type of the Pattern Implementation (CVE-2024-46951) * PDF interpreter - sanitise W array values in Xref streams (CVE-2024-46952) Checksums-Sha1: d0c42e246bbf4cafd05f442b8e6ef2f5d11aee98 7710932 ghostscript-doc_10.0.0~dfsg-11+deb12u6_all.deb 03c8f2b428b2ccfdce35904e77829d0e6cdc096f 13378 ghostscript_10.0.0~dfsg-11+deb12u6_all-buildd.buildinfo 21a75c4656ace4b396a34c9f5b6c1c3f9bf16e0d 149468 libgs-common_10.0.0~dfsg-11+deb12u6_all.deb 71ca35613d0a3a5bb90117bed26d8835a66ef0c5 586552 libgs10-common_10.0.0~dfsg-11+deb12u6_all.deb edb0b54e03233e31f26fcd75ef0d345a93975f07 28284 libgs9-common_10.0.0~dfsg-11+deb12u6_all.deb Checksums-Sha256: 2688a3ee0484c2037cbbb31f60ff233983bd64c14d80311334c0c015b9b6be9e 7710932 ghostscript-doc_10.0.0~dfsg-11+deb12u6_all.deb 7fd6e06282f6818430691301f767c2738b51fe06e39ad42e15aaf62e66b4c2b4 13378 ghostscript_10.0.0~dfsg-11+deb12u6_all-buildd.buildinfo 90e70c7c0c7703d856061018da8a4881bf3c5795a055fd43004b665d05656479 149468 libgs-common_10.0.0~dfsg-11+deb12u6_all.deb 68b3c9a0ba3f0136c71b0bee3c9e34788438edf93b361d239f53d2aa85eb3fe7 586552 libgs10-common_10.0.0~dfsg-11+deb12u6_all.deb 8d0177abe8c12ed4baaf642df7ddbe1dbc32f82b285a492ea304728a27028308 28284 libgs9-common_10.0.0~dfsg-11+deb12u6_all.deb Files: 46f8721c426bde18816ab503ad8fe41d 7710932 doc optional ghostscript-doc_10.0.0~dfsg-11+deb12u6_all.deb dbf91291a782ecd41fb2b998a37c0677 13378 text optional ghostscript_10.0.0~dfsg-11+deb12u6_all-buildd.buildinfo 21fc5338d8096982bd9c3103b15d2ebf 149468 libs optional libgs-common_10.0.0~dfsg-11+deb12u6_all.deb 2c797b1720e5129676bfbd482348713a 586552 libs optional libgs10-common_10.0.0~dfsg-11+deb12u6_all.deb b68884f80fe21f0f2740de8b601cca70 28284 oldlibs optional libgs9-common_10.0.0~dfsg-11+deb12u6_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEe8x49oT2k+seQstpgDm7h4zfCpIFAmcwr10ACgkQgDm7h4zf CpK7KQ/5ASjZzGBtiFwXHBZTuXrZJhARJPOrCOfWxZpjKxqCOM0nISUSr/N929Gf PAHRR/siRn4bQYQU1nqtVJo5cKujL0EHb1UNmtYuvg2ptp5aF7Cdqbg3U5+bhH7k idZ9hyQuZoqMkeiBRkTuPvSOcvhuk0GPGsFG54L7dCQbhhqB16CYIR68Q9xxu+k0 bQLa8JUCIS7Vghjvh7loYESSA0+H1MXXWApmbsfGxeZ/94bY2D8xQHO30algJhBq enaTLSQmJGg9cATNcp6KvGDF6mhUI1d72ARGpkgHRQXwbg6MmbsbCFaR2I+4wi7w Klipzb+C+gXJ9m+eO/fWswAf7ugko+AX4AGQJhmLlJxhY9TjhG4R0unrOmEqz1CY FKvSmI8wU6tckMXqE/NoU1Ze8TsNO7T3tKebX0zqVLQ6wcfGUYoX6qhtEmvrkKl4 er7/9uCTiTYbRDuzmtDwUKUwk6WH5xrBLTBlFZ0KLMAMEOfgAXrIAiNWdb2ILC+D JvQQGnKYZhMIEp2FYRiI+bU0Qv9tmSEX+WUAGaC6098d+zO9Q3Hxi1ASSUNsOMMa z/I75eX3leSQq9y0vb8tbR9+Dlx/l/WY8wChR5A3Q04WzGjMjgplHvo8IJzrTrxu KhAlVz2Ih7h2bQ2ycS0cn6fPbjOzTwNwZZNVUE7ELdh+c3TWNh4= =tg6H -----END PGP SIGNATURE-----