Accepted ghostscript 9.19~dfsg-3.1 (all source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 27 Oct 2016 13:25:52 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: all source
Version: 9.19~dfsg-3.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 839118 839260 839841 839845 839846 840451
Description:
ghostscript - interpreter for the PostScript language and for PDF
ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
libgs-dev - interpreter for the PostScript language and for PDF - Development
libgs9 - interpreter for the PostScript language and for PDF - Library
libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
ghostscript (9.19~dfsg-3.1) unstable; urgency=medium
.
* Non-maintainer upload.
* CVE-2013-5653: Information disclosure through getenv, filenameforall
(Closes: #839118)
* CVE-2016-7976: Various userparams allow %pipe% in paths, allowing remote
shell command execution (Closes: #839260)
* CVE-2016-7977: .libfile doesn't check PermitFileReading array, allowing
remote file disclosure (Closes: #839841)
* CVE-2016-7978: reference leak in .setdevice allows use-after-free and
remote code execution (Closes: #839845)
* CVE-2016-7979: type confusion in .initialize_dsc_parser allows remote code
execution (Closes: #839846)
* CVE-2016-8602: check for sufficient params in .sethalftone5 and param
types (Closes: #840451)
* Add 840691-Fix-.locksafe.patch patch.
Fixes regression seen with zathura and evince. Fix .locksafe. We need to
.forceput the defintion of getenv into systemdict.
Thanks to Edgar Fuß <ef@math.uni-bonn.de>
Checksums-Sha1:
73e9eb76a5189dc9a1bd57752b26f4edae837946 2997 ghostscript_9.19~dfsg-3.1.dsc
d969bd2cc53abe7352922c1853c47e7ccb0d8eeb 106324 ghostscript_9.19~dfsg-3.1.debian.tar.xz
285f6d7b5828229ebfd9ba92d92168fabc90331a 5568784 ghostscript-doc_9.19~dfsg-3.1_all.deb
20aa04760215363e21fdffde03a4f23f7ce2111b 3030750 libgs9-common_9.19~dfsg-3.1_all.deb
Checksums-Sha256:
d0c44fabebe04b6d2797d61df9940c1ac5897ff47d0dd3882e6eaa603fdd6642 2997 ghostscript_9.19~dfsg-3.1.dsc
0e22f98aed5e9b705a241acd401303c57467b686363912bf6c85422c587e90bb 106324 ghostscript_9.19~dfsg-3.1.debian.tar.xz
5526424d99b60b40665177bb93927f5620aaddb458e2624922d56b49670c8a10 5568784 ghostscript-doc_9.19~dfsg-3.1_all.deb
55ad19603838e06a2fd2d5b69ffd2bdb9d4899f8714c5b050ee94f760e710c6f 3030750 libgs9-common_9.19~dfsg-3.1_all.deb
Files:
679cdcc87ac7a4382519dcfeace22a46 2997 text optional ghostscript_9.19~dfsg-3.1.dsc
8668693afcef4280199b80fd08e1a754 106324 text optional ghostscript_9.19~dfsg-3.1.debian.tar.xz
439b9da68e9e157294b64d472f99cc5e 5568784 doc optional ghostscript-doc_9.19~dfsg-3.1_all.deb
6aa26679d65514fccb63fb82e3343d0b 3030750 libs optional libgs9-common_9.19~dfsg-3.1_all.deb
-----BEGIN PGP SIGNATURE-----
iQKPBAEBCgB5BQJYE4tXXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0NjQ0NDA5ODA4QzE3MUUwNTUzMURERUUw
NTRDQjhGMzEzNDNDRjQ0EhxjYXJuaWxAZGViaWFuLm9yZwAKCRAFTLjzE0PPRMoI
D/94fxNlivh303wFVls0NLyAAkeiSbPP1DzirV+q/3aXk1lUvzhHsrxT+co65rn1
2zIymw5kvElanQiwI+REmlOF+mkxRv0yLYopGKHjvDST/W/Kx5KIrl68yyqVe8fO
WDdSW2mRg5otCQyuSd+Pa96jpFZEWsyEE1zblS/jhZw8RzkJpSCHnmGUXFDLKV0i
+m59qliO8TsaldVJ1f8f8Ts5mfs5J9UzU2p4Z0jXBkVVhOejvqBcJjhYsUydV/mL
SSzvpUBgkqd29af0n53YvOssgt3XhXXwx55L2EI+1/lhMR4XGXfWGLq3cnJGxAhl
2Vavbn+GSg6g8u8uHeUe4L5BCzhqcUtBKyGNLxbTv4+4sv+2C1tzS8XavvBokI+D
E4sc4l1UePIkWWI9AaFSq7pc9hOF+gjFI2JqBAvGd2sc8Cg+qRznxLRwrmsGet5g
XcKVHv91uqoYcYpN8y/kmI/IzmZ1khjvtYatjLGK56eUBNAjXrjrJ4aMYwaVZrKV
FCtueleGbjpwJyeFl8QRq/4vhTPPP6vYWYmb07hf+hBVoYicoQR78qnJiF99nXjm
uO+UfW4Zc07pIHl+qVbmUMC28pWYsJ2qlQ+GJDluBPQMTR2k/jLs6XbuQ1diZIw2
YeZPkNB9dfrqPIFGAllZWwFuk3ISFhUele7pMMX3v8mfDA==
=ykAE
-----END PGP SIGNATURE-----