-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 26 Mar 2025 10:10:35 +0100 Source: ghostscript Binary: ghostscript-doc libgs-common libgs10-common libgs9-common Architecture: all Version: 10.0.0~dfsg-11+deb12u7 Distribution: bookworm-security Urgency: high Maintainer: all Build Daemon (x86-grnet-02) Changed-By: Salvatore Bonaccorso Description: ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati libgs-common - interpreter for the PostScript language and for PDF - ICC profile libgs10-common - interpreter for the PostScript language and for PDF - common file libgs9-common - transitional package for libgs-common Changes: ghostscript (10.0.0~dfsg-11+deb12u7) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix confusion between bytes and shorts (CVE-2025-27835) * Avoid integer overflow leading to buffer overflow (CVE-2025-27832) * PCL interpreter - fix decode_glyph for Unicode * Prevent Unicode decoding overrun (CVE-2025-27831) * Fix potential print buffer overflow (CVE-2025-27836) * Fix potential Buffer overflow with DollarBlend (CVE-2025-27830) * Cope with double byte chars in TTF scanning code * Check TTF name size before copying to buffer. (CVE-2025-27833) * PDF interpreter - Guard against unsigned int overflow (CVE-2025-27834) * Fix Coverity IDs 457699 and 457700 Checksums-Sha1: 753c2f5f8cbfad6b18bf0750a6faffbc3fe183ac 7711108 ghostscript-doc_10.0.0~dfsg-11+deb12u7_all.deb 64f0c3fec24cebe39d29b93b790b30648e32ad93 13487 ghostscript_10.0.0~dfsg-11+deb12u7_all-buildd.buildinfo f2ab0167f0242e14e3e6b22855d7c1aa29836091 149432 libgs-common_10.0.0~dfsg-11+deb12u7_all.deb 118968eed21ffb6af9ae807e6eafa434915aea17 586868 libgs10-common_10.0.0~dfsg-11+deb12u7_all.deb 33bd365ded2091de66ab2784015647de7e682d69 28512 libgs9-common_10.0.0~dfsg-11+deb12u7_all.deb Checksums-Sha256: 501c3c0ef7d74c0ab114fd749f3b9befeabf3f7aa478582f26cdc84ef8c25fe7 7711108 ghostscript-doc_10.0.0~dfsg-11+deb12u7_all.deb 755b66213770f140eed19247b455bae8bee40141561ef0ebd081d25138c04137 13487 ghostscript_10.0.0~dfsg-11+deb12u7_all-buildd.buildinfo c6d59416d29f3694b733eb9c6f95319446721d0550b35f746caf38b969e9f74e 149432 libgs-common_10.0.0~dfsg-11+deb12u7_all.deb fc572f8fdf216fd384e7898ec6d8ed7f93ba17deaf87520d9cb645fa880c8666 586868 libgs10-common_10.0.0~dfsg-11+deb12u7_all.deb 0d48dcf978c574da6436479f189b1370d3922b0f8d3f370aff597204b282def0 28512 libgs9-common_10.0.0~dfsg-11+deb12u7_all.deb Files: b3b8b8e8cde8d91ec0149a51d073477a 7711108 doc optional ghostscript-doc_10.0.0~dfsg-11+deb12u7_all.deb f63430b2dd09fcf7f29ba4ed7b3e3968 13487 text optional ghostscript_10.0.0~dfsg-11+deb12u7_all-buildd.buildinfo be9bbfe3f1fcf7d7206857017a2a0a60 149432 libs optional libgs-common_10.0.0~dfsg-11+deb12u7_all.deb e74637e96147c03c72f0acf0513a0c16 586868 libs optional libgs10-common_10.0.0~dfsg-11+deb12u7_all.deb 843d2520d5af9d067536fa6531832ced 28512 oldlibs optional libgs9-common_10.0.0~dfsg-11+deb12u7_all.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEj4Fym5GgeZdPqKhrJm69HxMTN+oFAmfj0bMACgkQJm69HxMT N+quxRAAmZpOg7iJZ6ArYZsG9ud4LJuk3FXEVV/Y/YAJ073TWcp9Js7slNb9gjAL pHc1nwv3LaiATXbmovCSf69CCnbet1hN2Jl3MbUJw98tBUPuW9o1P1g9fxrPmXWV AvvNn+bx/HzBZutTP7eevXxdJLbC3TIHm+qGTQjDLKxgbySil7frXBa70jZrB6Bt lZzskQX/sVmJchuhjzjkepUC22ySL4BvEy1lGsx9cqY0dPCiE9r3HWcX5s6q0DFt 8Q72nnvcVSmYOZEOn4614UCBva7q7eMdfYbOHK3+DYxGTVDBV4V8v6GldFt5m8/0 S13muXf0viyeA8jSG3ZDXO9UBTw2hIMHO7tB7swVYFC796hPwvVL/9hn+DiW33Oz Ib8cS1FhOxOHzI7g84mPNOPcmPc0psd8iLHkvMQXH6yVHVAVqostzoE7DzfmyXhE g7HyqHazRGWmga6gjGym7CT8JzPZomwhXZNO2OOuK8sf89gZWu2fBFpxLNGZNiw1 8bOMgdShm1rWNYgxDB55Lp9OsaOBfNI2LW4hcAnHIE3cGzBaZwDS/+jr0zeCkmwu XEs5Q/7km+Q4t7vs7f56aZEH5YgGvqeXcwpIkH9UCULEChlJSoYSPiHTuUgTgSoo 1ty1nAdsFEOQ8vbYt9zWFlGrckhZMNCazrq0A1owaaK6aIxSdbo= =Nja7 -----END PGP SIGNATURE-----