-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 26 Mar 2025 10:10:35 +0100 Source: ghostscript Binary: ghostscript ghostscript-dbgsym ghostscript-x libgs-dev libgs10 libgs10-dbgsym Architecture: armel Version: 10.0.0~dfsg-11+deb12u7 Distribution: bookworm-security Urgency: high Maintainer: arm Build Daemon (arm-conova-03) Changed-By: Salvatore Bonaccorso Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-x - transitional package for ghostscript libgs-dev - interpreter for the PostScript language and for PDF - Development libgs10 - interpreter for the PostScript language and for PDF - Library Changes: ghostscript (10.0.0~dfsg-11+deb12u7) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix confusion between bytes and shorts (CVE-2025-27835) * Avoid integer overflow leading to buffer overflow (CVE-2025-27832) * PCL interpreter - fix decode_glyph for Unicode * Prevent Unicode decoding overrun (CVE-2025-27831) * Fix potential print buffer overflow (CVE-2025-27836) * Fix potential Buffer overflow with DollarBlend (CVE-2025-27830) * Cope with double byte chars in TTF scanning code * Check TTF name size before copying to buffer. (CVE-2025-27833) * PDF interpreter - Guard against unsigned int overflow (CVE-2025-27834) * Fix Coverity IDs 457699 and 457700 Checksums-Sha1: e463de207ac32c5eeb1c1702613c73ca97e3976b 6116 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u7_armel.deb 8d4d4dcb54b2362498bde10b461de350f672a2cb 28512 ghostscript-x_10.0.0~dfsg-11+deb12u7_armel.deb 8c3172c31da572c1df81cec5c1acde961103c549 11939 ghostscript_10.0.0~dfsg-11+deb12u7_armel-buildd.buildinfo d9a83d6f89a8b1131a798e501bcb64836d32de51 57488 ghostscript_10.0.0~dfsg-11+deb12u7_armel.deb c22cba03ef43787b17e8341bbedb88777ffbc11e 40036 libgs-dev_10.0.0~dfsg-11+deb12u7_armel.deb 0cfe97fae726ec2df8b5ec1f65447ce6eb5b0761 9358960 libgs10-dbgsym_10.0.0~dfsg-11+deb12u7_armel.deb 9e9419ab15729a60ffb49f38174859072a45f8f5 2090344 libgs10_10.0.0~dfsg-11+deb12u7_armel.deb Checksums-Sha256: 267df9bcf41abe72aff80d8dcaf0b2b6f27e90f9c2fdb1b337cf893d8797b0ae 6116 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u7_armel.deb 2148a4bf5ca18edf3e46bb7c7ad610c411c7aec513ce7eb52b2733c3ea11355b 28512 ghostscript-x_10.0.0~dfsg-11+deb12u7_armel.deb 01fced92270101116171122bce4b0e1c9ce73822241965b0fc96ad968d25e533 11939 ghostscript_10.0.0~dfsg-11+deb12u7_armel-buildd.buildinfo 9b7294afa2104818f1b4b7a4d425a01e75ca4361473e715f6e6d579b9423580d 57488 ghostscript_10.0.0~dfsg-11+deb12u7_armel.deb 3ba8cf79a150921b9f21f48007095d20a748fd41f27f2c8048bda13d08d15265 40036 libgs-dev_10.0.0~dfsg-11+deb12u7_armel.deb d0be1326dc146401457499386cb7bb0cf169849b294853499b13246537a7ee13 9358960 libgs10-dbgsym_10.0.0~dfsg-11+deb12u7_armel.deb 39735251d31ee9e7bd0592446d39d9921a02720fd771f97ffedc3e46f8e52cd8 2090344 libgs10_10.0.0~dfsg-11+deb12u7_armel.deb Files: 1d89fc2520856d9b4f5d5349eecbcda0 6116 debug optional ghostscript-dbgsym_10.0.0~dfsg-11+deb12u7_armel.deb e2b97a83d7e60a8bf4f1bfa02a238dc0 28512 oldlibs optional ghostscript-x_10.0.0~dfsg-11+deb12u7_armel.deb 8ec6f7d4c9f4a311435b0f441a9ade5e 11939 text optional ghostscript_10.0.0~dfsg-11+deb12u7_armel-buildd.buildinfo b3ec6e9b373f79d2a3275dcc849d2276 57488 text optional ghostscript_10.0.0~dfsg-11+deb12u7_armel.deb 63154ee78a96efae4e93218f1baa1591 40036 libdevel optional libgs-dev_10.0.0~dfsg-11+deb12u7_armel.deb 87d1377ffd8d68ac926b92589b535f63 9358960 debug optional libgs10-dbgsym_10.0.0~dfsg-11+deb12u7_armel.deb 37104fef29855f42ec98746fbfe721aa 2090344 libs optional libgs10_10.0.0~dfsg-11+deb12u7_armel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEVM4SKBZumztS8zr3lST9Us03ywsFAmfj0akACgkQlST9Us03 ywul2hAAmx0lJ5lIhjjUjj787N8m3mo7DsbSaA0Kcm/kEFIXLmDrs1RTuFnmeL3g p1CHV7OHECqPbeRhcuPBi5t+/1DhzBdw7oOhPKuC809FjfZgFyQs2hMX1wkEwqXb 2/0e3ePcI8zVMWNu/dq0Eb50PdaWJ7o+Ixtb93PfZUhTAZObZeHKDIYC/dGaGQ+Z oRJPMEifzNd3Ij5hBL4g76CDABeNlP3ZvF4AdLU7ITUj8TbXy5zEWgUzAWNGRVp0 SUlHDgs/Zmh9mFsPjlbFF2iJYF4nYSTmyLlQ7jwUX189YFVjq8arCRr/qfl33n4r hWdEiXgCYoeAbiYEY7/PCeFypvE/MoaMMlteTIZupueIfEZcmJw8iYcswzqxT54b nNfz9fVoX7tL7iIz1vaWAZKJ9PqtYAGMtAR9wLIMkp6IGu9KjXOw/8w2I8QXQ4Xx BvJflI1ZM3Sa03Un5vl89StsvHMPiFaPumr20r03gJSvjpitG7DREfoocIJLOAFT cqgMP4mrSlYHI0gsX42HPhWGQSraaEqplye848hoDeBE/x5S/V/zw3NEyS7y6X6Z LBj/l4l9ZW0JjUyHV79XqLC1aA3jqn68seS6evRDT5wGE4uhVO3X8iY0zterkCrQ 8yqlLg+rwNIgEHgIFGX0fUE9CiF5gSklcfWk5ff37pZ3ebOjAmg= =30J7 -----END PGP SIGNATURE-----