-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 26 Mar 2025 10:10:35 +0100 Source: ghostscript Binary: ghostscript ghostscript-dbgsym ghostscript-x libgs-dev libgs10 libgs10-dbgsym Architecture: arm64 Version: 10.0.0~dfsg-11+deb12u7 Distribution: bookworm-security Urgency: high Maintainer: arm Build Daemon (arm-ubc-02) Changed-By: Salvatore Bonaccorso Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-x - transitional package for ghostscript libgs-dev - interpreter for the PostScript language and for PDF - Development libgs10 - interpreter for the PostScript language and for PDF - Library Changes: ghostscript (10.0.0~dfsg-11+deb12u7) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix confusion between bytes and shorts (CVE-2025-27835) * Avoid integer overflow leading to buffer overflow (CVE-2025-27832) * PCL interpreter - fix decode_glyph for Unicode * Prevent Unicode decoding overrun (CVE-2025-27831) * Fix potential print buffer overflow (CVE-2025-27836) * Fix potential Buffer overflow with DollarBlend (CVE-2025-27830) * Cope with double byte chars in TTF scanning code * Check TTF name size before copying to buffer. (CVE-2025-27833) * PDF interpreter - Guard against unsigned int overflow (CVE-2025-27834) * Fix Coverity IDs 457699 and 457700 Checksums-Sha1: 2a9b5bf204b17ac41455eee46894bb8cb5618730 6036 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u7_arm64.deb 6b8159fd06b70dc3aa09f52d351f0fe83dc4daa8 28512 ghostscript-x_10.0.0~dfsg-11+deb12u7_arm64.deb 12c25b73da3e850b28df63701024b1ef7aa906c3 12065 ghostscript_10.0.0~dfsg-11+deb12u7_arm64-buildd.buildinfo 7b2c4887fc201bf87efb6aba73626b92443e5462 57796 ghostscript_10.0.0~dfsg-11+deb12u7_arm64.deb 69a7d16f8e4b3e93ccb3eb36e110140b00dafae0 40048 libgs-dev_10.0.0~dfsg-11+deb12u7_arm64.deb 7b2d822783b088453284b352dcb25932ee0dd1a7 9499568 libgs10-dbgsym_10.0.0~dfsg-11+deb12u7_arm64.deb 99f9381a5b6fd5772a1362496a5b81f2ee10bc13 2254832 libgs10_10.0.0~dfsg-11+deb12u7_arm64.deb Checksums-Sha256: 0c1e0cc7659729a31cea3e2d164956b992fb7587433d12a97ed82f71034a7812 6036 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u7_arm64.deb a3a820eac746546c75d04ce94d9a493b1406a31702a825df0acd75d3a44b6519 28512 ghostscript-x_10.0.0~dfsg-11+deb12u7_arm64.deb 3030bd1a7cedb08c9c88b119b29f9dec39bc88674a8d51136ed8ca3886be06d3 12065 ghostscript_10.0.0~dfsg-11+deb12u7_arm64-buildd.buildinfo dd429071942e8da235f65b92ac33b455ef2611b69068e1eb573529f99f7d202d 57796 ghostscript_10.0.0~dfsg-11+deb12u7_arm64.deb b438dc3da97d772cababfa690c251184dbd4774cb7eb8a7a7596b006c6a74214 40048 libgs-dev_10.0.0~dfsg-11+deb12u7_arm64.deb d16b9f6bf65eb469717ba3e230ac2952980285542fa9d8fbb6bbc8a96aada2fe 9499568 libgs10-dbgsym_10.0.0~dfsg-11+deb12u7_arm64.deb 91d3206cf4d9d3f9bdc2d809b5020d6ec816422caf148b10659cdacbbccb365b 2254832 libgs10_10.0.0~dfsg-11+deb12u7_arm64.deb Files: a87d092f6640fea541c2f26f3164fe0e 6036 debug optional ghostscript-dbgsym_10.0.0~dfsg-11+deb12u7_arm64.deb 2b59700d14122b6cf858656921228ecc 28512 oldlibs optional ghostscript-x_10.0.0~dfsg-11+deb12u7_arm64.deb b3b67f25b930f1b2c28d39ff0b4a7259 12065 text optional ghostscript_10.0.0~dfsg-11+deb12u7_arm64-buildd.buildinfo c342a2ac21e7a5ff9189ba095c3c5d92 57796 text optional ghostscript_10.0.0~dfsg-11+deb12u7_arm64.deb 35c481f61c6cbd442b638e1d0fcd7f22 40048 libdevel optional libgs-dev_10.0.0~dfsg-11+deb12u7_arm64.deb 0e8624182aae9dfd2f1a456b98f2e288 9499568 debug optional libgs10-dbgsym_10.0.0~dfsg-11+deb12u7_arm64.deb a43d5246d357a9ddbcb250776347a87c 2254832 libs optional libgs10_10.0.0~dfsg-11+deb12u7_arm64.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEE9C4sZYDxwNo9XoUDaRWK3AIe28EFAmfj080ACgkQaRWK3AIe 28Ha9A//dHIuFSwOtRWJFfueQ1GphOjodoBlwqnRm/Y0wADbi5nLxDhfxlPjHfze A5e8JouavmCJK+iwyw1JSRr62Bkb5QQFHovwS+N/XALax0injrzeWmhAkF7VaVLm 2gyDwN1TO6JG7GPyGO2V41u/EQ7Gd+l7JxutL/Nh9sAWU3/IRI3xp7+BivVKLGKw G7XOzQwh8be3lDkp/r/kU7JlVc1m+sPeC7zxxL4p9CTxrruNH26FlMX+7wd9s/0y fqKYTTJPpNTfWgpZVdmMqWTev3+2A+Jhk8X5u13IKw8ZishtZY2ZyvmHJMSbX0Qu Qcl6pXTHFVlJjLMZv51Z21QxjpqUHLPBfKwP1yDNFs60POgM2P4K19xFz5LonRlK yOjTKz2/het1BgOu8ik0inV1YUnt5Dg32gB4wrTy2MQI2jLkivLW/QW7ewcDEV/m BJgOhNr1pnRduqQ9kS+G59XY1vLGzBgFVNDcufvsMEf/mdiYbnwz2/Gcvw8ccUHW Q07clwPLedCSDlAsa3wyQU/rSTb6juz10GL5RsGO4qu0qymNHcrECQqROoKWd7f5 SnP9RSlAt9CIprgQE/sb1U4OaSOv/PwIZdGuwTIPEw384HBidAtLUygpnp0TVVJ9 vtpov6ACwVXH46dpZQR8SSqa8pTRz5QgC0/I5mgyaKQ5Z0WZEYA= =8v4U -----END PGP SIGNATURE-----