[ubuntu/disco-proposed] ghostscript 9.26~dfsg+0-0ubuntu4 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Jan 23 18:56:16 UTC 2019


ghostscript (9.26~dfsg+0-0ubuntu4) disco; urgency=medium

  * SECURITY UPDATE: code execution vulnerability
    - debian/patches/CVE-2019-6116.patch: address .force* operators
      exposure in Resource/Init/gs_diskn.ps, Resource/Init/gs_dps1.ps,
      Resource/Init/gs_fntem.ps, Resource/Init/gs_fonts.ps,
      Resource/Init/gs_init.ps, Resource/Init/gs_lev2.ps,
      Resource/Init/gs_pdfwr.ps, Resource/Init/gs_res.ps,
      Resource/Init/gs_setpd.ps, Resource/Init/pdf_base.ps,
      Resource/Init/pdf_draw.ps, Resource/Init/pdf_font.ps,
      Resource/Init/pdf_main.ps, Resource/Init/pdf_ops.ps,
      psi/int.mak, psi/interp.c, psi/istack.c, psi/istack.h.
    - CVE-2019-6116
  * debian/libgs9.symbols: added new symbol.

Date: Wed, 23 Jan 2019 13:02:37 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu4
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 23 Jan 2019 13:02:37 -0500
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source
Version: 9.26~dfsg+0-0ubuntu4
Distribution: disco
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
 ghostscript (9.26~dfsg+0-0ubuntu4) disco; urgency=medium
 .
   * SECURITY UPDATE: code execution vulnerability
     - debian/patches/CVE-2019-6116.patch: address .force* operators
       exposure in Resource/Init/gs_diskn.ps, Resource/Init/gs_dps1.ps,
       Resource/Init/gs_fntem.ps, Resource/Init/gs_fonts.ps,
       Resource/Init/gs_init.ps, Resource/Init/gs_lev2.ps,
       Resource/Init/gs_pdfwr.ps, Resource/Init/gs_res.ps,
       Resource/Init/gs_setpd.ps, Resource/Init/pdf_base.ps,
       Resource/Init/pdf_draw.ps, Resource/Init/pdf_font.ps,
       Resource/Init/pdf_main.ps, Resource/Init/pdf_ops.ps,
       psi/int.mak, psi/interp.c, psi/istack.c, psi/istack.h.
     - CVE-2019-6116
   * debian/libgs9.symbols: added new symbol.
Checksums-Sha1:
 8a1f2fdbc00b69a6f3eb530e8034b23beedc9d0e 2831 ghostscript_9.26~dfsg+0-0ubuntu4.dsc
 ff25a0bd3e1387886ead0370f37023ad58224b13 118828 ghostscript_9.26~dfsg+0-0ubuntu4.debian.tar.xz
 10f559b77676188c33895985e2e82dd8e12cef68 11864 ghostscript_9.26~dfsg+0-0ubuntu4_source.buildinfo
Checksums-Sha256:
 83642e94b8309318b283fb01aecc3c5e6745979508450fa75bf79b645436864a 2831 ghostscript_9.26~dfsg+0-0ubuntu4.dsc
 a02ac9809b461eb213349859c82003a51cb928fdd479910286afea32703b0712 118828 ghostscript_9.26~dfsg+0-0ubuntu4.debian.tar.xz
 904e74e66a79ba6400332ae4fa5a96d7718708ffe00010868d4913b0b294517d 11864 ghostscript_9.26~dfsg+0-0ubuntu4_source.buildinfo
Files:
 088b33af7fa959ceb4f7bbbcb61c6e83 2831 text optional ghostscript_9.26~dfsg+0-0ubuntu4.dsc
 7b24af82657b7b0bba0a7ea9f07ccc76 118828 text optional ghostscript_9.26~dfsg+0-0ubuntu4.debian.tar.xz
 24cb58ae6cadb80b40c0920597ae7764 11864 text optional ghostscript_9.26~dfsg+0-0ubuntu4_source.buildinfo
Original-Maintainer: Debian Printing Team <debian-printing at lists.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlxIuHIACgkQZWnYVadE
vpOuRQ//YFF2nA+yICytuxUZcrRwbp9Au9NleILfY3QPaOSZXJNuZXoHVfwt2fNp
F4L+6tyILvaZVg07c1Cx9pa0kN+LFzYRgWtSc9a0cxxCKZhYU/rvIZvdYHMQG/+4
3K6WadsquiWVapxTHDKku0PUJIdTxOb3nZ5ES1OXHkW4q6m3R0ihP6ZrGDjfkZG/
GusQMPsXj+ZHV136ODdMVqiDjiwpA/uuzCnj/iBUhCWteaVo9PkKtmu0u5wg2z27
dy1V53Yp2uZkXPKMy5FDBT6FnoeFN29zKxn3ItbdOowaULHIkOu9X31aP/So3/Jo
f+mA78W4LxPZNNfqboOJgbThvoBKm4+UF6QXDxM8kKYRN7VYdqefcCj1+K3n9xnF
l5mjTQPI2oMMF9xCKtrsP9BYGKOkhlFdh13zBwlm0lrrnMNidySNm/DHaPeoaB15
MoGhaZQiCj/9BNE1mnln4GND8gQRgRl14zXkTkFzSTx7PCDmmWNOISLtSWWhJ11j
G/6rpijvVCpNlpw226+JcS91k7rFmITRFCd/YNAoRoo3AkIKqnqyiaX00jPwXrWr
76BVEpJUZ7ZkQPYKNYbcOeCtWtFnXc8HRoqEVpVRL9GqcLDAr1ieaY8aTJn81xSk
+/bsipmSPw/aUghyzozTDevWfYfc/edzlQH44pUMOJuNoOQdeGM=
=+cqj
-----END PGP SIGNATURE-----


More information about the Disco-changes mailing list