-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 26 Mar 2025 10:10:35 +0100 Source: ghostscript Binary: ghostscript ghostscript-dbgsym ghostscript-x libgs-dev libgs10 libgs10-dbgsym Architecture: mipsel Version: 10.0.0~dfsg-11+deb12u7 Distribution: bookworm-security Urgency: high Maintainer: mipsel Build Daemon (mipsel-osuosl-05) Changed-By: Salvatore Bonaccorso Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-x - transitional package for ghostscript libgs-dev - interpreter for the PostScript language and for PDF - Development libgs10 - interpreter for the PostScript language and for PDF - Library Changes: ghostscript (10.0.0~dfsg-11+deb12u7) bookworm-security; urgency=high . * Non-maintainer upload by the Security Team. * Fix confusion between bytes and shorts (CVE-2025-27835) * Avoid integer overflow leading to buffer overflow (CVE-2025-27832) * PCL interpreter - fix decode_glyph for Unicode * Prevent Unicode decoding overrun (CVE-2025-27831) * Fix potential print buffer overflow (CVE-2025-27836) * Fix potential Buffer overflow with DollarBlend (CVE-2025-27830) * Cope with double byte chars in TTF scanning code * Check TTF name size before copying to buffer. (CVE-2025-27833) * PDF interpreter - Guard against unsigned int overflow (CVE-2025-27834) * Fix Coverity IDs 457699 and 457700 Checksums-Sha1: a43ad02f2821f769c5745c9d997d7264fd5abcf4 6196 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u7_mipsel.deb 3e2d8a324cce16eccdf427f15e811f52f75b9176 28512 ghostscript-x_10.0.0~dfsg-11+deb12u7_mipsel.deb ad1939d12fc023310567610f0dc6a045ae2d8d11 11907 ghostscript_10.0.0~dfsg-11+deb12u7_mipsel-buildd.buildinfo 5805b33e83082d37a9361cc9ecaf838fe8605d68 57772 ghostscript_10.0.0~dfsg-11+deb12u7_mipsel.deb 3dd9af0a4bcc7c772140dab988784d6b54939e4e 40044 libgs-dev_10.0.0~dfsg-11+deb12u7_mipsel.deb fc964250871d85ad6077292546a7c20915e89968 9659660 libgs10-dbgsym_10.0.0~dfsg-11+deb12u7_mipsel.deb 7e093d65f9ba8c4c8d1eae9476869cb93b14fa52 2246292 libgs10_10.0.0~dfsg-11+deb12u7_mipsel.deb Checksums-Sha256: 11736ebd3f97828f7ce6e007a1df6e8704cc83b18762a39e3a0b3b660806b643 6196 ghostscript-dbgsym_10.0.0~dfsg-11+deb12u7_mipsel.deb 10096854cd1ba0fdf11d828b832ccef2b591d5a7a0c66a9e3b35213ae5b910f0 28512 ghostscript-x_10.0.0~dfsg-11+deb12u7_mipsel.deb 10de28a2089ebb47354e176194ae7859136a20ded0327e4b3c52168cde8cee4b 11907 ghostscript_10.0.0~dfsg-11+deb12u7_mipsel-buildd.buildinfo 55776b3b3431f7fe811d5ab715f6a6ed42e7e59677e178864257d0bd0039b1d5 57772 ghostscript_10.0.0~dfsg-11+deb12u7_mipsel.deb c6c70a98f9109059fe51569cf5926b272f251e2c72843625b993697eff4a632f 40044 libgs-dev_10.0.0~dfsg-11+deb12u7_mipsel.deb edcf0e03fe956135b7da194ca4fbb7749632e9a3dcc493898018c502789ffa94 9659660 libgs10-dbgsym_10.0.0~dfsg-11+deb12u7_mipsel.deb d9295cfb56ce5b0fe395ad4c53ea1dbd91d2a39d725ee35227b1b101f8ffd8fa 2246292 libgs10_10.0.0~dfsg-11+deb12u7_mipsel.deb Files: d53f6f6ba07464067662d2651a2b075d 6196 debug optional ghostscript-dbgsym_10.0.0~dfsg-11+deb12u7_mipsel.deb 7a9fd5f790f1086bb6fa7f02c3f92d95 28512 oldlibs optional ghostscript-x_10.0.0~dfsg-11+deb12u7_mipsel.deb 724640660b3d12da6e83be4b133392c2 11907 text optional ghostscript_10.0.0~dfsg-11+deb12u7_mipsel-buildd.buildinfo faa9dc8a2d5c76e25edfb88a93beac99 57772 text optional ghostscript_10.0.0~dfsg-11+deb12u7_mipsel.deb 1e84a0c11f41625ff2f71fe1d1b0d181 40044 libdevel optional libgs-dev_10.0.0~dfsg-11+deb12u7_mipsel.deb e16010c08d99d9fc5735c1c62b58c67a 9659660 debug optional libgs10-dbgsym_10.0.0~dfsg-11+deb12u7_mipsel.deb 9e34e9bc2d4ae6ef7deaaf9f1c35580e 2246292 libs optional libgs10_10.0.0~dfsg-11+deb12u7_mipsel.deb -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEYLhEzFkGpb3yYRVHmlVdU6AM9BUFAmfj0rEACgkQmlVdU6AM 9BVM3A/+IhLC9fwPJDb+cB8MI+6gTtmPcBqeibJHr/6Jevw9J8Ug4PxHCAUHYiyS 1ZSq+9vW/8unbzh/jvjq/CbLypVI4UNSnhKDOLuFI6pqGvvcFaQG6hw6ya/ex56H A+3a+Vvdklpu6pLgaVozI5h658r8QSSvk+HYDsqichp1oC5a8azodVPYS5VtpZ4K CwOl40Q1scMdBtQKtu7Wwt8ezZkDH6XJhM430rnv4poxPTMbh+9HjyhEqkso8rVy Y35LVJjIDz31tkIS5OHk4HwYVVpiKL1huveutZLnWO6wAluIn0GADVZQXddmwsd7 iJiWP7OV5onF3CORN3Y1jZfCbXv1xj+VqjtpTPWLv4fSKrlM0j2c7C2ui5VkHI8m U8PqnufzkzrAXNcDheSOpRKKOmPJl5wM+/0rec0axTi0QIXutk2OR6JVldNOV/oJ E+9TMc4W1tAFOb072ahV+RFf4c9MeJKunSXUbfRVHc72QCD0cjZeMeMALPS5NDow qOfvmqjOadVEKB5mcG119g42qGEsOeUNM6sgS1NHAjO3k2UQdo5AYGeB8vkG5+Cf jC3OgSPcv1ipFyO98mjuwuoAT4JXHLLguTUXNe6RlgXxI+9JZp0KVy376h70R/wG p1/c0++T+E0jcgM6YARPcpepYi0tt7Aay67i0t3pnU9hm6QxCNI= =5WZO -----END PGP SIGNATURE-----