Ubuntu
ghostscript package

ghostscript 10.02.1~dfsg1-0ubuntu7.3 source package in Ubuntu

Changelog

ghostscript (10.02.1~dfsg1-0ubuntu7.3) noble-security; urgency=medium

  * SECURITY UPDATE: stack-based buffer overflow via long PDF filter name
    - debian/patches/CVE-2024-29506.patch: don't allow PDF files with bad
      Filters to overflow the debug buffer in pdf/pdf_file.c.
    - CVE-2024-29506
  * SECURITY UPDATE: stack-based buffer overflows
    - debian/patches/CVE-2024-29507.patch: bounds checks when using CIDFont
      related params in pdf/pdf_font.c, pdf/pdf_warnings.h.
    - CVE-2024-29507
  * SECURITY UPDATE: heap-based pointer disclosure via constructed BaseFont
    name
    - debian/patches/CVE-2024-29508.patch: review printing of pointers in
      base/gsfont.c, base/gsicc_cache.c, base/gsmalloc.c, base/gxclmem.c,
      base/gxcpath.c, base/gxpath.c, base/szlibc.c, devices/gdevupd.c,
      devices/vector/gdevpdtb.c, psi/ialloc.c, psi/igc.c, psi/igcstr.c,
      psi/iinit.c, psi/imainarg.c, psi/isave.c, psi/iutil.c.
    - debian/patches/CVE-2024-29508-2.patch: fix compiler warning in
      optimised build in base/gsicc_cache.c.
    - debian/patches/CVE-2024-29508-3.patch: remove extra arguments in
      devices/gdevupd.c.
    - CVE-2024-29508
  * SECURITY UPDATE: heap-based overflow via PDFPassword with null byte
    - debian/patches/CVE-2024-29509.patch: don't use strlen on passwords in
      pdf/pdf_sec.c.
    - CVE-2024-29509
  * SECURITY UPDATE: directory traversal issue via OCRLanguage
    - debian/patches/CVE-2024-29511.patch: reject OCRLanguage changes after
      SAFER enabled in devices/gdevocr.c, devices/gdevpdfocr.c,
      devices/vector/gdevpdfp.c.
    - debian/patches/CVE-2024-29511-2.patch: original fix was overly
      aggressive in devices/gdevocr.c, devices/gdevpdfocr.c,
      devices/vector/gdevpdf.c, devices/vector/gdevpdfp.c.
    - CVE-2024-29511

 -- Marc Deslauriers <email address hidden>  Thu, 11 Jul 2024 12:07:09 -0400

Upload details

Uploaded by:
Marc Deslauriers
Uploaded to:
Noble
Original maintainer:
Ubuntu Developers
Architectures:
any all
Section:
text
Urgency:
Medium Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size SHA-256 Checksum
ghostscript_10.02.1~dfsg1.orig.tar.xz 51.6 MiB be748526dc3c6c45c9b192805dfeeec0c90f36f0ee2078c6503ecbe36fcba202
ghostscript_10.02.1~dfsg1-0ubuntu7.3.debian.tar.xz 94.4 KiB 32dbb3e35f33c48624cc45e37f2553097924141b5ea5f37451cf52614d3e84d9
ghostscript_10.02.1~dfsg1-0ubuntu7.3.dsc 2.8 KiB 26627275a0493531efb19f0f04e22ca798abcca87e85f947836934f0bc0f0034

View changes file

Binary packages built by this source

ghostscript: interpreter for the PostScript language and for PDF

 GPL Ghostscript is used for PostScript/PDF preview and printing.
 Usually as a back-end to a program such as ghostview,
 it can display PostScript and PDF documents in an X11 environment.
 .
 Furthermore, it can render PostScript and PDF files as graphics
 to be printed on non-PostScript printers.
 Supported printers include common dot-matrix, inkjet and laser models.
 .
 The suggested texlive-binaries package is only required when using dvipdf.

ghostscript-dbgsym: debug symbols for ghostscript
ghostscript-doc: interpreter for the PostScript language and for PDF - Documentation

 GPL Ghostscript is used for PostScript/PDF preview and printing.
 Usually as a back-end to a program such as ghostview,
 it can display PostScript and PDF documents in an X11 environment.
 .
 This package contains documentation for GPL Ghostscript,
 mainly targeted developers and advanced users.

libgs-common: interpreter for the PostScript language and for PDF - ICC profiles

 GPL Ghostscript is used for PostScript/PDF preview and printing.
 Usually as a back-end to a program such as ghostview,
 it can display PostScript and PDF documents in an X11 environment.
 .
 This package provides common ICC profiles.

libgs-dev: interpreter for the PostScript language and for PDF - Development Files

 GPL Ghostscript is used for PostScript/PDF preview and printing.
 Usually as a back-end to a program such as ghostview,
 it can display PostScript and PDF documents in an X11 environment.
 .
 This package provides the development files
 for the GPL Ghostscript library
 which makes the facilities of GPL Ghostscript available
 to applications.

libgs10: interpreter for the PostScript language and for PDF - Library

 GPL Ghostscript is used for PostScript/PDF preview and printing.
 Usually as a back-end to a program such as ghostview,
 it can display PostScript and PDF documents in an X11 environment.
 .
 This package provides the Ghostscript library
 which makes the facilities of GPL Ghostscript available
 to applications.

libgs10-common: interpreter for the PostScript language and for PDF - common files

 GPL Ghostscript is used for PostScript/PDF preview and printing.
 Usually as a back-end to a program such as ghostview,
 it can display PostScript and PDF documents in an X11 environment.
 .
 This package provides common architecture-independent files
 needed by the GPL Ghostscript library.
 .
 By default, GPL Ghostscript uses a font from the fonts-droid package
 to approximate glyphs in PDFs
 for which the requested CJK TrueType font is missing.
 If the fonts-droid package is not installed,
 these glyphs will be rendered as bullets.

libgs10-dbgsym: debug symbols for libgs10