-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 26 Mar 2025 10:10:35 +0100 Source: ghostscript Binary: ghostscript ghostscript-dbgsym ghostscript-x libgs-dev libgs10 libgs10-dbgsym Architecture: ppc64el Version: 10.0.0~dfsg-11+deb12u7 Distribution: bookworm-security Urgency: high Maintainer: ppc64el Build Daemon (ppc64el-conova-01) Changed-By: Salvatore Bonaccorso Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-x - transitional package for ghostscript libgs-dev - interpreter for the PostScript language and for PDF - Development libgs10 - interpreter for the PostScript language and for PDF - Library Changes: ghostscript (10.0.0~dfsg-11+deb12u7) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix confusion between bytes and shorts (CVE-2025-27835) * Avoid integer overflow leading to buffer overflow (CVE-2025-27832) * PCL interpreter - fix decode_glyph for Unicode * Prevent Unicode decoding overrun (CVE-2025-27831) * Fix potential print buffer overflow (CVE-2025-27836) * Fix potential Buffer overflow with DollarBlend (CVE-2025-27830) * Cope with double byte chars in TTF scanning code * Check TTF name size before copying to buffer. (CVE-2025-27833) * PDF interpreter - Guard against unsigned int overflow (CVE-2025-27834) * Fix Coverity IDs 457699 and 457700 Checksums-Sha1: 4ddd7c0ef5d29981705010349cda644c056a5a7b 5944 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u7_ppc64el.deb 452fd659aa276e1e2e42e150042fce57f2f7f257 28512 ghostscript-x_10.0.0~dfsg-11+deb12u7_ppc64el.deb bb224b27b978345e892f45473e7c1158014a1589 12086 ghostscript_10.0.0~dfsg-11+deb12u7_ppc64el-buildd.buildinfo c40488bfd549889ab384dc70026b2048da134597 57808 ghostscript_10.0.0~dfsg-11+deb12u7_ppc64el.deb c22c774b08dac5aee3ef6d30ea052418a79eb5e9 40056 libgs-dev_10.0.0~dfsg-11+deb12u7_ppc64el.deb ec635c5a849eea54fea01f474a7ce9d013e1817d 9743776 libgs10-dbgsym_10.0.0~dfsg-11+deb12u7_ppc64el.deb f4a6c88a476ef23a0c5ac57047931d4921b8598b 2613732 libgs10_10.0.0~dfsg-11+deb12u7_ppc64el.deb Checksums-Sha256: 4e6f241d381324598e1d4847b7410eb5c33982eff686861f633f52f2a2cbc4af 5944 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u7_ppc64el.deb 849f83905f648240f5a44fd56247546a3dfbdbea4742f6fb24cd15fb4309978a 28512 ghostscript-x_10.0.0~dfsg-11+deb12u7_ppc64el.deb bff053bb2192f74a2590d1c0393968d9f51f1710c4b41f6af300517c7f33e5ab 12086 ghostscript_10.0.0~dfsg-11+deb12u7_ppc64el-buildd.buildinfo 2672f7c93a8aa923f7ab46404f99462f48a627db7d06782a05ec7c270c2053c5 57808 ghostscript_10.0.0~dfsg-11+deb12u7_ppc64el.deb 43723bd892dd131428c2ca1142ee338ba1fb7defbd3482ae3dda3d7ae1c8eab9 40056 libgs-dev_10.0.0~dfsg-11+deb12u7_ppc64el.deb 5b4e500aef5979c4e50db1b3c6ee2094dd1877b51751331c91f967400b6620bb 9743776 libgs10-dbgsym_10.0.0~dfsg-11+deb12u7_ppc64el.deb f157b2de0028c44c1ebd4c4043d3634681900bd8f1b31c417086298eec978c54 2613732 libgs10_10.0.0~dfsg-11+deb12u7_ppc64el.deb Files: f25fccc4cd838b46798206c5a255691a 5944 debug optional ghostscript-dbgsym_10.0.0~dfsg-11+deb12u7_ppc64el.deb 4b2797e7614329f8972873a856812c72 28512 oldlibs optional ghostscript-x_10.0.0~dfsg-11+deb12u7_ppc64el.deb c6be87d22fe187d4a7307fffe10be5ab 12086 text optional ghostscript_10.0.0~dfsg-11+deb12u7_ppc64el-buildd.buildinfo ce13298a1d5c1a31d7cab23428ec4224 57808 text optional ghostscript_10.0.0~dfsg-11+deb12u7_ppc64el.deb af406d99864a9a7df7ba57f0e5ead657 40056 libdevel optional libgs-dev_10.0.0~dfsg-11+deb12u7_ppc64el.deb d4f5f838a61390562fd05da74cb5539d 9743776 debug optional libgs10-dbgsym_10.0.0~dfsg-11+deb12u7_ppc64el.deb bf4d6b895c04017aeaa42801b8dddcdf 2613732 libs optional libgs10_10.0.0~dfsg-11+deb12u7_ppc64el.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEvNkWZvjZkiWgJGRETMSrGPLkYxUFAmfj0RwACgkQTMSrGPLk YxWQFhAA4Fk7Lrs0riAvL22b0TBJ7KuDX4mT+S/S4zKoOB02QRlYLV2a1uU6YEUe jTT1HqAZzkIXrkM9qMLndQqGQPV0Ki1cM9o5hz8dyvT8x6cePD5odylp+NOwIgVa Hl5cm1A9xvN+4W7AQXLxOxc4maY6HMaXtHMSeXAgRua58n0Qs8VWnrTXWSEhfDM+ VOqC17tFOoqVO2aT0ezSuwxEDbou8DE+u3M099lk25oZqgriDH2EvPA/GoG4A++A sifW+1iRYSWzJ7VncvfzE94CL0pAC/BSlLix6SR3Lqp3SilUVRiRAjNM1gYbRkED qW8twA6qctDjsGgpaxFaM4nbdklIwbO0hSxvHAuA6v4ZsmcGVHvdsGMrB0rjcE62 uohDIvZq5LHwtPxQrNRbbqBG3v4EeE4tMFDZattnLbD5qG9UKjTp9j2HT+EsVk/f sSnrvakNj0v5FuKVumaYLJxL+DaC3ipy0Iw0WtnUGqSRV3T+RKEkJKdKO4/WxC24 00r94uB9ItoGcuXBBON2krlKce7IhfsqY9sxpHVh+deJakAiwuL5ngzgnDU8XhSv EqU/tBFV8r3BI1/G0pvG3/UjhmGb58oSiHPscFcjOPNgvjcR29kDeW1fiJfsHEOE mXXQzrMvAvmvju56J8+QxQSF2v1mWxUaeY4ne4EVDuUwxwpkSB0= =zxdP -----END PGP SIGNATURE-----