Publishing details


ghostscript (9.26~dfsg+0-0ubuntu7) disco; urgency=medium

  * SECURITY UPDATE: superexec operator is available
    - debian/patches/CVE-2019-3835-pre1.patch: Have run from in Resource/Init/, Resource/Init/
    - debian/patches/CVE-2019-3835-pre2.patch: Undef /odef in
      Resource/Init/, Resource/Init/
    - debian/patches/CVE-2019-3835-1.patch: restrict superexec and remove
      it in Resource/Init/, Resource/Init/,
      Resource/Init/, Resource/Init/,
      Resource/Init/, Resource/Init/
    - debian/patches/CVE-2019-3835-2.patch: obliterate superexec in
      Resource/Init/, psi/icontext.c, psi/icstate.h,
      psi/zcontrol.c, psi/zdict.c, psi/zgeneric.c.
    - CVE-2019-3835
  * SECURITY UPDATE: forceput in DefineResource is still accessible
    - debian/patches/CVE-2019-3838-1.patch: make a transient proc
      executeonly in Resource/Init/
    - debian/patches/CVE-2019-3838-2.patch: an extra transient proc needs
      executeonly in Resource/Init/
    - CVE-2019-3838

 -- Marc Deslauriers <email address hidden>  Thu, 21 Mar 2019 13:15:30 -0400

Available diffs


Package files