[ubuntu/disco-proposed] ghostscript 9.26~dfsg+0-0ubuntu7 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Mar 21 17:32:17 UTC 2019


ghostscript (9.26~dfsg+0-0ubuntu7) disco; urgency=medium

  * SECURITY UPDATE: superexec operator is available
    - debian/patches/CVE-2019-3835-pre1.patch: Have gs_cet.ps run from
      gs_init.ps in Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps.
    - debian/patches/CVE-2019-3835-pre2.patch: Undef /odef in
      Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps.
    - debian/patches/CVE-2019-3835-1.patch: restrict superexec and remove
      it in Resource/Init/gs_cet.ps, Resource/Init/gs_dps1.ps,
      Resource/Init/gs_fonts.ps, Resource/Init/gs_init.ps,
      Resource/Init/gs_ttf.ps, Resource/Init/gs_type1.ps.
    - debian/patches/CVE-2019-3835-2.patch: obliterate superexec in
      Resource/Init/gs_init.ps, psi/icontext.c, psi/icstate.h,
      psi/zcontrol.c, psi/zdict.c, psi/zgeneric.c.
    - CVE-2019-3835
  * SECURITY UPDATE: forceput in DefineResource is still accessible
    - debian/patches/CVE-2019-3838-1.patch: make a transient proc
      executeonly in Resource/Init/gs_res.ps.
    - debian/patches/CVE-2019-3838-2.patch: an extra transient proc needs
      executeonly in Resource/Init/gs_res.ps.
    - CVE-2019-3838

Date: Thu, 21 Mar 2019 13:15:30 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu7
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 21 Mar 2019 13:15:30 -0400
Source: ghostscript
Architecture: source
Version: 9.26~dfsg+0-0ubuntu7
Distribution: disco
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Original-Maintainer: Debian Printing Team <debian-printing at lists.debian.org>
