[ubuntu/eoan-proposed] ghostscript 9.26~dfsg+0-0ubuntu8 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Tue May 7 16:48:36 UTC 2019
ghostscript (9.26~dfsg+0-0ubuntu8) eoan; urgency=medium
* SECURITY UPDATE: code execution vulnerability
- debian/patches/CVE-2019-3839-1.patch: hide pdfdict and GS_PDF_ProcSet
in Resource/Init/pdf_base.ps, Resource/Init/pdf_draw.ps,
Resource/Init/pdf_font.ps, Resource/Init/pdf_main.ps,
Resource/Init/pdf_ops.ps, Resource/Init/pdf_sec.ps.
- debian/patches/CVE-2019-3839-2.patch: fix lib/pdf2dsc.ps to use
documented Ghostscript pdf procedures in lib/pdf2dsc.ps.
- CVE-2019-3839
Date: Tue, 07 May 2019 11:28:11 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu8
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Tue, 07 May 2019 11:28:11 -0400
Source: ghostscript
Architecture: source
Version: 9.26~dfsg+0-0ubuntu8
Distribution: eoan
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
ghostscript (9.26~dfsg+0-0ubuntu8) eoan; urgency=medium
.
* SECURITY UPDATE: code execution vulnerability
- debian/patches/CVE-2019-3839-1.patch: hide pdfdict and GS_PDF_ProcSet
in Resource/Init/pdf_base.ps, Resource/Init/pdf_draw.ps,
Resource/Init/pdf_font.ps, Resource/Init/pdf_main.ps,
Resource/Init/pdf_ops.ps, Resource/Init/pdf_sec.ps.
- debian/patches/CVE-2019-3839-2.patch: fix lib/pdf2dsc.ps to use
documented Ghostscript pdf procedures in lib/pdf2dsc.ps.
- CVE-2019-3839
Checksums-Sha1:
878ffa56f3cdf02a5daa562b371392ff93d1b529 2831 ghostscript_9.26~dfsg+0-0ubuntu8.dsc
108711ab55c53453512984c934cc7dd978866863 129500 ghostscript_9.26~dfsg+0-0ubuntu8.debian.tar.xz
e54e8be37f4689cce6bbbd829feb42ce0d5895df 12016 ghostscript_9.26~dfsg+0-0ubuntu8_source.buildinfo
Checksums-Sha256:
52f7cc60c0c7a3180a5b2ecb1e4cb8850170aacde74af818054cf56dd814034e 2831 ghostscript_9.26~dfsg+0-0ubuntu8.dsc
cea0769a2da84f36ff6f4669ac8d6533c5ae56604db0141e5dc4c4da70d74942 129500 ghostscript_9.26~dfsg+0-0ubuntu8.debian.tar.xz
1820fbf3e83549aa7cff11659e3b34f796b8b123464e672d9cc8a5c2953f3012 12016 ghostscript_9.26~dfsg+0-0ubuntu8_source.buildinfo
Files:
74670714a742e3befaaf05ec26abcd4e 2831 text optional ghostscript_9.26~dfsg+0-0ubuntu8.dsc
5060b78f15b3ba07e970e4eb4a090547 129500 text optional ghostscript_9.26~dfsg+0-0ubuntu8.debian.tar.xz
9d696226ec2ef270d8c619f72438ecd7 12016 text optional ghostscript_9.26~dfsg+0-0ubuntu8_source.buildinfo
Original-Maintainer: Debian Printing Team <debian-printing at lists.debian.org>
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAlzRticACgkQZWnYVadE
vpN9ZQ//dGhz0UucRbz8UD4xi9YwEW8rzedHTfPyAJh5Spy4cAjWIPsr66DOFE4N
iKpgetgcqkPympX8Z73Sct0NygAqME6Oye1A8dlasmpjsfvW/pzPb47JTgGSKTMj
SixHq0MMxJF+Eac2J4XEWi27eVycb3jpyzbVeMotwpJEFtLRCrXjUM1TqM7bif25
qzSX4YyF8jo3iHX6O0uawxxhz3t5TDg1+2aeGRtJIBjJKgXiXe5I0d+r3DKCWRM/
7g7EnYnDr+0YAaiJBwXuADpwG5ZDGZWYBsU0+vF7crNTax4qcPahdQ/otJ2otv6e
5r4YcqAgYCiHWiReIy90v5T1pWDwG8UikYJsD6rX0yAg0obYc6dm5cpgveRUkgka
i71jhHCf4CejlSQdlSKNG7qe3457db5/g5gGsRanwrBkZugY/nIkTeWv7vs6KGU3
H3iugTUgEk5LzLIFfsij/MvMTgWosRfA5/wvibxdaymtprYPP3mpbIFfqtewuY0d
i24ginexd+ytrQf0oZvjwnVchvQiR+H70F1u12M66LW04dedtYpWsCl9iVyCrCcw
9vCXphd+Cq+LRWQmp/+pBTBsKjoP4Ug76m1ebFML4Ef4aY5jQ25TQZ8J0ZwbMyEa
d7VKkzu4mIRNUonbJDOAHHsiFxvkZHoBygKVimy6JlwAthonVes=
=r8rO
-----END PGP SIGNATURE-----
More information about the Eoan-changes
mailing list