ghostscript 10.02.1~dfsg1-0ubuntu8 source package in Ubuntu
Changelog
ghostscript (10.02.1~dfsg1-0ubuntu8) oracular; urgency=medium [ Marc Deslauriers } * SECURITY UPDATE: stack-based buffer overflow via long PDF filter name - debian/patches/CVE-2024-29506.patch: don't allow PDF files with bad Filters to overflow the debug buffer in pdf/pdf_file.c. - CVE-2024-29506 * SECURITY UPDATE: stack-based buffer overflows - debian/patches/CVE-2024-29507.patch: bounds checks when using CIDFont related params in pdf/pdf_font.c, pdf/pdf_warnings.h. - CVE-2024-29507 * SECURITY UPDATE: heap-based pointer disclosure via constructed BaseFont name - debian/patches/CVE-2024-29508.patch: review printing of pointers in base/gsfont.c, base/gsicc_cache.c, base/gsmalloc.c, base/gxclmem.c, base/gxcpath.c, base/gxpath.c, base/szlibc.c, devices/gdevupd.c, devices/vector/gdevpdtb.c, psi/ialloc.c, psi/igc.c, psi/igcstr.c, psi/iinit.c, psi/imainarg.c, psi/isave.c, psi/iutil.c. - debian/patches/CVE-2024-29508-2.patch: fix compiler warning in optimised build in base/gsicc_cache.c. - debian/patches/CVE-2024-29508-3.patch: remove extra arguments in devices/gdevupd.c. - CVE-2024-29508 * SECURITY UPDATE: heap-based overflow via PDFPassword with null byte - debian/patches/CVE-2024-29509.patch: don't use strlen on passwords in pdf/pdf_sec.c. - CVE-2024-29509 * SECURITY UPDATE: directory traversal issue via OCRLanguage - debian/patches/CVE-2024-29511.patch: reject OCRLanguage changes after SAFER enabled in devices/gdevocr.c, devices/gdevpdfocr.c, devices/vector/gdevpdfp.c. - CVE-2024-29511 [ Chris Kim ] * SECURITY UPDATE: Arbitrary code execution via uniprint device - debian/patches/CVE-2024-29510.patch: Prevent changes to uniprint device argument strings after SAFER is activated in gdevupd.c. - CVE-2024-29510 * SECURITY UPDATE: Path traversal and arbitrary code execution via improperly checked path arguments - debian/patches/CVE-2024-33869-part1.patch: Check that a current working directory specifier is valid before stripping it from gpmisc.c. - debian/patches/CVE-2024-33869-part2.patch: Check that a current working directory specifier is valid before stripping it from gpmisc.c. - CVE-2024-33869 * SECURITY UPDATE: Path traversal via improperly checked path arguments - debian/patches/CVE-2024-33870.patch: Add a check for parent directory prefixes when handling relative paths in gpmisc.c. - CVE-2024-33870 * SECURITY UPDATE: Arbitrary code execution via custom driver library - debian/patches/CVE-2024-33871.patch: Prevent changes to parameter that specifies the names of dynamic libraries to be loaded by the opvp/oprp device in gdevopvp.c - CVE-2024-33871 -- Marc Deslauriers <email address hidden> Wed, 10 Jul 2024 13:28:20 -0400
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Oracular
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any all
- Section:
- text
- Urgency:
- Medium Urgency
See full publishing history Publishing
Series | Published | Component | Section |
---|
Downloads
File | Size | SHA-256 Checksum |
---|---|---|
ghostscript_10.02.1~dfsg1.orig.tar.xz | 51.6 MiB | be748526dc3c6c45c9b192805dfeeec0c90f36f0ee2078c6503ecbe36fcba202 |
ghostscript_10.02.1~dfsg1-0ubuntu8.debian.tar.xz | 93.2 KiB | 35e256da6180774206e29dafa84323d724faeb15caa6102e135a289ba22f525b |
ghostscript_10.02.1~dfsg1-0ubuntu8.dsc | 2.8 KiB | 720db60d88aecabce241f771b3ef9edf269235035a5eacad60e3f617ab85e435 |
Available diffs
Binary packages built by this source
- ghostscript: interpreter for the PostScript language and for PDF
GPL Ghostscript is used for PostScript/PDF preview and printing.
Usually as a back-end to a program such as ghostview,
it can display PostScript and PDF documents in an X11 environment.
.
Furthermore, it can render PostScript and PDF files as graphics
to be printed on non-PostScript printers.
Supported printers include common dot-matrix, inkjet and laser models.
.
The suggested texlive-binaries package is only required when using dvipdf.
- ghostscript-dbgsym: debug symbols for ghostscript
- ghostscript-doc: interpreter for the PostScript language and for PDF - Documentation
GPL Ghostscript is used for PostScript/PDF preview and printing.
Usually as a back-end to a program such as ghostview,
it can display PostScript and PDF documents in an X11 environment.
.
This package contains documentation for GPL Ghostscript,
mainly targeted developers and advanced users.
- libgs-common: interpreter for the PostScript language and for PDF - ICC profiles
GPL Ghostscript is used for PostScript/PDF preview and printing.
Usually as a back-end to a program such as ghostview,
it can display PostScript and PDF documents in an X11 environment.
.
This package provides common ICC profiles.
- libgs-dev: interpreter for the PostScript language and for PDF - Development Files
GPL Ghostscript is used for PostScript/PDF preview and printing.
Usually as a back-end to a program such as ghostview,
it can display PostScript and PDF documents in an X11 environment.
.
This package provides the development files
for the GPL Ghostscript library
which makes the facilities of GPL Ghostscript available
to applications.
- libgs10: interpreter for the PostScript language and for PDF - Library
GPL Ghostscript is used for PostScript/PDF preview and printing.
Usually as a back-end to a program such as ghostview,
it can display PostScript and PDF documents in an X11 environment.
.
This package provides the Ghostscript library
which makes the facilities of GPL Ghostscript available
to applications.
- libgs10-common: interpreter for the PostScript language and for PDF - common files
GPL Ghostscript is used for PostScript/PDF preview and printing.
Usually as a back-end to a program such as ghostview,
it can display PostScript and PDF documents in an X11 environment.
.
This package provides common architecture-independent files
needed by the GPL Ghostscript library.
.
By default, GPL Ghostscript uses a font from the fonts-droid package
to approximate glyphs in PDFs
for which the requested CJK TrueType font is missing.
If the fonts-droid package is not installed,
these glyphs will be rendered as bullets.
- libgs10-dbgsym: debug symbols for libgs10