-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Sun, 10 Nov 2024 13:20:08 +0100 Source: ghostscript Binary: ghostscript ghostscript-dbgsym ghostscript-x libgs-dev libgs10 libgs10-dbgsym Architecture: ppc64el Version: 10.0.0~dfsg-11+deb12u6 Distribution: bookworm-security Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-osuosl-01) Changed-By: Salvatore Bonaccorso Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-x - transitional package for ghostscript libgs-dev - interpreter for the PostScript language and for PDF - Development libgs10 - interpreter for the PostScript language and for PDF - Library Changes: ghostscript (10.0.0~dfsg-11+deb12u6) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Check for overflow validating format string (CVE-2024-46953) * Fix filenameforall completion cleanup * Don't leave a dangling pointer on the stack * PostScript interpreter - Null dangling references on stack * PostScript interpreter - fix buffer length check (CVE-2024-46956) * PS interpreter review colour code for stack pointers * PS interpreter - check Indexed colour space index (CVE-2024-46955) * PS interpreter - check the type of the Pattern Implementation (CVE-2024-46951) * PDF interpreter - sanitise W array values in Xref streams (CVE-2024-46952) Checksums-Sha1: 59915b8aec8a7626a60743a43bb25e64d8d5d074 5944 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u6_ppc64el.deb fb042423141616061b3071e4cd83832e6f4a17b3 28284 ghostscript-x_10.0.0~dfsg-11+deb12u6_ppc64el.deb 76c9806cc93514130cdcaf2d34b3c2048c81a1d2 12041 ghostscript_10.0.0~dfsg-11+deb12u6_ppc64el-buildd.buildinfo 20b363d3581e4b7d0a888eeb12e9b305d5a48edb 57572 ghostscript_10.0.0~dfsg-11+deb12u6_ppc64el.deb 5be991323d3cedff1f70e08d9623f060e19c241d 39824 libgs-dev_10.0.0~dfsg-11+deb12u6_ppc64el.deb 83ce43f89b8f891fd0eb298a02a7142d2ae4600d 9743548 libgs10-dbgsym_10.0.0~dfsg-11+deb12u6_ppc64el.deb e2ac81b47e2fa61ac90a63c1438c1da0d87873d6 2613116 libgs10_10.0.0~dfsg-11+deb12u6_ppc64el.deb Checksums-Sha256: 27e52631c1b65b9665c5a64955103576f0af0c8a4ffde333ce2d299e22cbba10 5944 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u6_ppc64el.deb 854a4b3704c7cb5db738169bfd9cd4b8f2167e869e9d2e213240e230814919c8 28284 ghostscript-x_10.0.0~dfsg-11+deb12u6_ppc64el.deb b4206f61afd60152f4fd6e20defbe886e5ce494e3526579e9fc1dd7502dc326e 12041 ghostscript_10.0.0~dfsg-11+deb12u6_ppc64el-buildd.buildinfo 6f102385f82dc3cc4522c485bdf1c599a6f6242e6ae59ee4161c551c6db6a717 57572 ghostscript_10.0.0~dfsg-11+deb12u6_ppc64el.deb 69e68eef8816ff3ff0d91ef739ea328bef619b8a0e742ac6b51bf582bf5ed7f5 39824 libgs-dev_10.0.0~dfsg-11+deb12u6_ppc64el.deb 675ea7b2a8f773f328cbcd638fbc4539986a625f1205a32f379bd48d805e8a03 9743548 libgs10-dbgsym_10.0.0~dfsg-11+deb12u6_ppc64el.deb f08b5cf977f7a49d79005f9170d5f2e452b70eb7400e3078ba7f467ac05a3a78 2613116 libgs10_10.0.0~dfsg-11+deb12u6_ppc64el.deb Files: 4f677d8dabc5ac6f48b3e8a7edd7c1b3 5944 debug optional ghostscript-dbgsym_10.0.0~dfsg-11+deb12u6_ppc64el.deb b28bcb2ad2dbc4e07abf95d0fee3802f 28284 oldlibs optional ghostscript-x_10.0.0~dfsg-11+deb12u6_ppc64el.deb 3e2e5afc08ad82f78b4d9594db072b87 12041 text optional ghostscript_10.0.0~dfsg-11+deb12u6_ppc64el-buildd.buildinfo 7ba962adf45297de820b4b4c89a9031d 57572 text optional ghostscript_10.0.0~dfsg-11+deb12u6_ppc64el.deb 9b0eeb1f198929eb5a014cf6e43f8a6d 39824 libdevel optional libgs-dev_10.0.0~dfsg-11+deb12u6_ppc64el.deb 6d62593cec1cb7334f4fe0a04c0d81e2 9743548 debug optional libgs10-dbgsym_10.0.0~dfsg-11+deb12u6_ppc64el.deb f04238504cac6823d3b8b03fe86ef476 2613116 libs optional libgs10_10.0.0~dfsg-11+deb12u6_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE5v3ycPFoB5xoBEprvMjydu+xvRMFAmcwrykACgkQvMjydu+x vRNrwA/+Ks7M1ZyaLNyNa/H30SZyz5D21Kn7jf+gbv8MWlVJffV7tKpK6yU2p+MQ 34s+QAonw78/FqCm3ycc/tNvitMcFGYMmko8ayhUzWa5v8rO/4y9lSi3Cp8KMa1L va9iOQETusU4X269OwRAxzx4xoBsydPJ6yaf6ECTf6ZDCGV/YvIMisl6cTIfIgTr kycA3LaevauvDbDch40PuaFRz+GW7qNdC3SqbfCS59PJQAEr0VLYHoMCcyFKp3Z9 MZ4XgFKBDER4LhcfC5VJ02i3lOeQglUS42UBmN37QFJdZMfp+2btrfY+m0byBmx8 +FIA9FP5kmUkNmRMbpZBqtMHd0LNE3Wr4v3igkfDSyQqHH1psonSH5e33EfW20N8 J4cEVlxtQdP2E/JTlzqrJHakHtKSXZhYswRv14mCuCylxNiSUf2c8My5GGD2LxYm oppp3rjTGTNsFyFasySbDGgC2QNeq9kCx6EyqSqutwfbVsdF4VJ/3Um/AW5jsf77 Z+5zdCv7G+GqPlu4rh3IQFPJbFCPKblmOAiLTXKgqR73UbBE7XREVmrj3vVWjIDr aQlmkCIDf34JltsnLw2AuGgflFdeMndR4kaZL/GBdjWV7PAVdXMJPaUcKGj3RuzJ oPkLYOzBixFZUjq1OLTPDqB+hUcYU5ARuSQ/xgdzqU9KYDfEzTU= =si1h -----END PGP SIGNATURE-----