-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 26 Mar 2025 10:10:35 +0100 Source: ghostscript Binary: ghostscript ghostscript-dbgsym ghostscript-x libgs-dev libgs10 libgs10-dbgsym Architecture: amd64 Version: 10.0.0~dfsg-11+deb12u7 Distribution: bookworm-security Urgency: high Maintainer: amd64 / i386 Build Daemon (x86-ubc-01) Changed-By: Salvatore Bonaccorso Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-x - transitional package for ghostscript libgs-dev - interpreter for the PostScript language and for PDF - Development libgs10 - interpreter for the PostScript language and for PDF - Library Changes: ghostscript (10.0.0~dfsg-11+deb12u7) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix confusion between bytes and shorts (CVE-2025-27835) * Avoid integer overflow leading to buffer overflow (CVE-2025-27832) * PCL interpreter - fix decode_glyph for Unicode * Prevent Unicode decoding overrun (CVE-2025-27831) * Fix potential print buffer overflow (CVE-2025-27836) * Fix potential Buffer overflow with DollarBlend (CVE-2025-27830) * Cope with double byte chars in TTF scanning code * Check TTF name size before copying to buffer. (CVE-2025-27833) * PDF interpreter - Guard against unsigned int overflow (CVE-2025-27834) * Fix Coverity IDs 457699 and 457700 Checksums-Sha1: ba2202658811ab388e9471e3b1df561ab8beca5d 5884 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u7_amd64.deb 0268d00226f7d4ffc01c91f850ad5c1df34a31b6 28512 ghostscript-x_10.0.0~dfsg-11+deb12u7_amd64.deb 4e1d1ae7ba0e71d2c92c1f5fc1093221e968577d 12126 ghostscript_10.0.0~dfsg-11+deb12u7_amd64-buildd.buildinfo fa0e20156127c4e9d7e6a34bffb6f6ba8753eb12 57700 ghostscript_10.0.0~dfsg-11+deb12u7_amd64.deb a1285cc806d9dc068dcbf9915b926e7694a261e2 40052 libgs-dev_10.0.0~dfsg-11+deb12u7_amd64.deb 782d8d2470690c2f0e6ba0f936f6279424e947d7 9704616 libgs10-dbgsym_10.0.0~dfsg-11+deb12u7_amd64.deb 316a1399549b5aee709a9fb3d56a3078660aa50e 2466608 libgs10_10.0.0~dfsg-11+deb12u7_amd64.deb Checksums-Sha256: d7778f0a07336f67aa2816fb32fa271a8fd3bdc772eda454e3cc8b4493f227a1 5884 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u7_amd64.deb f3eae66e5f473ce999a4764206d23f60add460fbd6585982cb899089dbaba08d 28512 ghostscript-x_10.0.0~dfsg-11+deb12u7_amd64.deb 5a01f427bc5babb0bac244072c7e62eabe4218d739f5277a85b92a2c13bc4bac 12126 ghostscript_10.0.0~dfsg-11+deb12u7_amd64-buildd.buildinfo 947952b42045eb5f9bcb47ea5d64c697a62be357988d914f64d9f940dd1e49ba 57700 ghostscript_10.0.0~dfsg-11+deb12u7_amd64.deb 5fe872f514d2388a009bb4acfba9c1702020ec3bbeb5b12d54ab71bc2391e771 40052 libgs-dev_10.0.0~dfsg-11+deb12u7_amd64.deb 7f1892a76d79e9cdd3244c576b4720ab6441a87d15e8240ccc9e104e0e333a8f 9704616 libgs10-dbgsym_10.0.0~dfsg-11+deb12u7_amd64.deb afcdc3304910cf808c48302b41bd4e6b6e0170e244ea169833226f8befb3dce1 2466608 libgs10_10.0.0~dfsg-11+deb12u7_amd64.deb Files: 75395260fc4ab6e7186776cb644413de 5884 debug optional ghostscript-dbgsym_10.0.0~dfsg-11+deb12u7_amd64.deb f31d92187bb5c37f0943f343c319e6da 28512 oldlibs optional ghostscript-x_10.0.0~dfsg-11+deb12u7_amd64.deb 7cb2cd6f75248a1a5d2dbf46c9e248b5 12126 text optional ghostscript_10.0.0~dfsg-11+deb12u7_amd64-buildd.buildinfo cf78e0a1d245b0e21f3619b33278053f 57700 text optional ghostscript_10.0.0~dfsg-11+deb12u7_amd64.deb 5a3bf0f7bd8b1bcc376c9c083ec1b04a 40052 libdevel optional libgs-dev_10.0.0~dfsg-11+deb12u7_amd64.deb c59543e105abf5fa820f54d7caf9a19b 9704616 debug optional libgs10-dbgsym_10.0.0~dfsg-11+deb12u7_amd64.deb 6e689471c6b7ef5f85b3938cd260211e 2466608 libs optional libgs10_10.0.0~dfsg-11+deb12u7_amd64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEnw0rdzqckKx6dwRTEbCLukZn24oFAmfj0LgACgkQEbCLukZn 24q0Ow//fp1KyGqjmoLk/ZeTe5vd4sprqOu+o/Moxy4gRVUodSDUwx1VcQtvxPFD xQw1prwWAkDI+ixfxsBuokXuqvJ8/xOI3Jqihqk2zuhiEd1ZFe4mfydc/Rs/tKOT zilnHpDIvyJ3IDX+7ii+zsLl/b5Yp+jeQiOoTtj3ssy2P1sBbj+NvZlibkWu8TTd amEx1cJYEPLajsHFCdbyZfXw44m8sew4GQ8Afl/XdxMAtvEYOVifZ2U0bVHbwVDZ Ant2UofdDdBmWBPfzWfGc54S7W63umeG6P1lOGynfvwfXdwXZLoMJbxU/Xh9PYwE jU9h34Shl5H/ZiqbbMxc2bkJujfpHzTdvHkVEZYiynpg6LirC/YUcmSAd0HdxVP0 EAWSN5cORDAzpnfSr5pORbaeebCnaNEFRBRzUg7HaCeLNlbRMNxiimJZtLzt5+vU pxS04a68NRUd9NGg2Ml8kPk+7rnxrYlbYTjHoiEtyghUN+NoLuDg36g2h8xWzV8+ deEVrQIcvX04A70Qe6FyTe+e05C0fY8zGQnDr8ISVionVmdiq8qOtJSbXGKLFZoy 4N1OZm2KrZbqwd6NogSODI8lxFp7n3TgHe+t5uMld1QZ81RmYQL+CHaIczFwyfm4 t4G/0D7mXHK0Y+SteYnNrvAfYKzk15MURVA32cROdwmSpvm1jxQ= =f7+z -----END PGP SIGNATURE-----