Back to ghostscript PTS page

Accepted ghostscript 9.19~dfsg-3.1 (all source) into unstable

To: debian-devel-changes@lists.debian.org
Subject: Accepted ghostscript 9.19~dfsg-3.1 (all source) into unstable
From: Salvatore Bonaccorso <carnil@debian.org>
Date: Fri, 28 Oct 2016 18:20:44 +0000
Mail-followup-to: debian-devel@lists.debian.org
Message-id: <E1c0Blk-0002B1-Cs@franck.debian.org>
Reply-to: debian-devel@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 27 Oct 2016 13:25:52 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: all source
Version: 9.19~dfsg-3.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 839118 839260 839841 839845 839846 840451
Description: 
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
 ghostscript (9.19~dfsg-3.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2013-5653: Information disclosure through getenv, filenameforall
     (Closes: #839118)
   * CVE-2016-7976: Various userparams allow %pipe% in paths, allowing remote
     shell command execution (Closes: #839260)
   * CVE-2016-7977: .libfile doesn't check PermitFileReading array, allowing
     remote file disclosure (Closes: #839841)
   * CVE-2016-7978: reference leak in .setdevice allows use-after-free and
     remote code execution (Closes: #839845)
   * CVE-2016-7979: type confusion in .initialize_dsc_parser allows remote code
     execution (Closes: #839846)
   * CVE-2016-8602: check for sufficient params in .sethalftone5 and param
     types (Closes: #840451)
   * Add 840691-Fix-.locksafe.patch patch.
     Fixes regression seen with zathura and evince. Fix .locksafe. We need to
     .forceput the defintion of getenv into systemdict.
     Thanks to Edgar Fuß <ef@math.uni-bonn.de>
Checksums-Sha1: 
 73e9eb76a5189dc9a1bd57752b26f4edae837946 2997 ghostscript_9.19~dfsg-3.1.dsc
 d969bd2cc53abe7352922c1853c47e7ccb0d8eeb 106324 ghostscript_9.19~dfsg-3.1.debian.tar.xz
 285f6d7b5828229ebfd9ba92d92168fabc90331a 5568784 ghostscript-doc_9.19~dfsg-3.1_all.deb
 20aa04760215363e21fdffde03a4f23f7ce2111b 3030750 libgs9-common_9.19~dfsg-3.1_all.deb
Checksums-Sha256: 
 d0c44fabebe04b6d2797d61df9940c1ac5897ff47d0dd3882e6eaa603fdd6642 2997 ghostscript_9.19~dfsg-3.1.dsc
 0e22f98aed5e9b705a241acd401303c57467b686363912bf6c85422c587e90bb 106324 ghostscript_9.19~dfsg-3.1.debian.tar.xz
 5526424d99b60b40665177bb93927f5620aaddb458e2624922d56b49670c8a10 5568784 ghostscript-doc_9.19~dfsg-3.1_all.deb
 55ad19603838e06a2fd2d5b69ffd2bdb9d4899f8714c5b050ee94f760e710c6f 3030750 libgs9-common_9.19~dfsg-3.1_all.deb
Files: 
 679cdcc87ac7a4382519dcfeace22a46 2997 text optional ghostscript_9.19~dfsg-3.1.dsc
 8668693afcef4280199b80fd08e1a754 106324 text optional ghostscript_9.19~dfsg-3.1.debian.tar.xz
 439b9da68e9e157294b64d472f99cc5e 5568784 doc optional ghostscript-doc_9.19~dfsg-3.1_all.deb
 6aa26679d65514fccb63fb82e3343d0b 3030750 libs optional libgs9-common_9.19~dfsg-3.1_all.deb

-----BEGIN PGP SIGNATURE-----

iQKPBAEBCgB5BQJYE4tXXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0NjQ0NDA5ODA4QzE3MUUwNTUzMURERUUw
NTRDQjhGMzEzNDNDRjQ0EhxjYXJuaWxAZGViaWFuLm9yZwAKCRAFTLjzE0PPRMoI
D/94fxNlivh303wFVls0NLyAAkeiSbPP1DzirV+q/3aXk1lUvzhHsrxT+co65rn1
2zIymw5kvElanQiwI+REmlOF+mkxRv0yLYopGKHjvDST/W/Kx5KIrl68yyqVe8fO
WDdSW2mRg5otCQyuSd+Pa96jpFZEWsyEE1zblS/jhZw8RzkJpSCHnmGUXFDLKV0i
+m59qliO8TsaldVJ1f8f8Ts5mfs5J9UzU2p4Z0jXBkVVhOejvqBcJjhYsUydV/mL
SSzvpUBgkqd29af0n53YvOssgt3XhXXwx55L2EI+1/lhMR4XGXfWGLq3cnJGxAhl
2Vavbn+GSg6g8u8uHeUe4L5BCzhqcUtBKyGNLxbTv4+4sv+2C1tzS8XavvBokI+D
E4sc4l1UePIkWWI9AaFSq7pc9hOF+gjFI2JqBAvGd2sc8Cg+qRznxLRwrmsGet5g
XcKVHv91uqoYcYpN8y/kmI/IzmZ1khjvtYatjLGK56eUBNAjXrjrJ4aMYwaVZrKV
FCtueleGbjpwJyeFl8QRq/4vhTPPP6vYWYmb07hf+hBVoYicoQR78qnJiF99nXjm
uO+UfW4Zc07pIHl+qVbmUMC28pWYsJ2qlQ+GJDluBPQMTR2k/jLs6XbuQ1diZIw2
YeZPkNB9dfrqPIFGAllZWwFuk3ISFhUele7pMMX3v8mfDA==
=ykAE
-----END PGP SIGNATURE-----