Accepted ghostscript 9.25~dfsg-3 (source) into unstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Fri, 19 Oct 2018 00:11:32 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source
Version: 9.25~dfsg-3
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Jonas Smedegaard <dr@jones.dk>
Description:
ghostscript - interpreter for the PostScript language and for PDF
ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
libgs-dev - interpreter for the PostScript language and for PDF - Development
libgs9 - interpreter for the PostScript language and for PDF - Library
libgs9-common - interpreter for the PostScript language and for PDF - common file
Closes: 910678 910758 911175
Changes:
ghostscript (9.25~dfsg-3) unstable; urgency=medium
.
  * Add patches cherry-picked upstream to fix execution issues.
    + Implement .currentoutputdevice operator
    + Change "executeonly" to throw typecheck on gstatetype and
      devicetype objects
    + Undefine some additional internal operators.
    + Fix handling of .needinput if used from interpreter
    + Ensure all errors are included from initialization
    + setundercolorremoval memory corruption
    + copydevice fails after stack device copies invalidated
    + add operand checking to .setnativefontmapbuilt
    + add object type check for AES key
    + Add parameter type checking on .bigstring
    + zparse_dsc_comments can crash with invalid dsc_state
    + Catch errors in setpagesize, .setpagesize and setpagedevice and
      cleanup
    + Catch errors and cleanup stack on statusdict page size definitions
    + Add parameter checking in setresolution
    + device subclass open_device call must return child code
    + fix DSC comment parsing in pdfwrite
    + Check all uses of dict_find* to ensure 0 return properly handled
    + permit Mod and CreDate pdfmarks in PDF 2.0 in pdfwrite
    + Avoid overrunning non terminated string buffer.
    + Prevent SEGV in gs_setdevice_no_erase.
    + Fix uninitialised value for render_cond.
    + Hide the .needinput operator
    + filenameforall calls bad iodev with insufficient scratch
    + Improve hiding of security critical custom operators
    + Prevent SEGV after calling gs_image_class_1_simple.
    + don't push userdict in preparation for Type 1 fonts
    + add control over hiding error handlers.
    + For hidden operators, pass a name object to error handler.
    + Explicitly exclude /unknownerror from the SAFERERRORLIST
    + don't include operator arrays in execstack output
    + Make .forceput unavailable from '.policyprocs' helper dictionary
    + .loadfontloop must be an operator
    + font parsing - prevent SEGV in .cffparse
    Closes: Bug#910678, #910758, #911175
    (CVE-2018-17961, CVE-2018-18073, CVE-2018-18284).
    Thanks to Salvatore Bonaccorso.
  * Unfuzz patches.
  * Declare compliance with Debian Policy 4.2.1.
  * Update symbols: 1 private added.
Checksums-Sha1:
2a5c3e83d158aeca87e4077719924efff95ee084 2720 ghostscript_9.25~dfsg-3.dsc
f82c55f48dc57af9eb460b7ea6f77ef186df7657 132580 ghostscript_9.25~dfsg-3.debian.tar.xz
58bba3739d90587c06983c208792a50640a9c835 11625 ghostscript_9.25~dfsg-3_amd64.buildinfo
Checksums-Sha256:
df9cd4c6d6572127f1cab968519b7d9c154cf452ca61ade5de0b0d489813b118 2720 ghostscript_9.25~dfsg-3.dsc
5cac2f3fc568c3be3006abd590f478c70df2970739e6916e1f9519483f4e7b32 132580 ghostscript_9.25~dfsg-3.debian.tar.xz
cf52b3e657033486565dcf9d396e9d1d12cd659053d4cdf7157d71139a27918a 11625 ghostscript_9.25~dfsg-3_amd64.buildinfo
Files:
bcf7ddc5b2d5cece29577526ac7e7d2e 2720 text optional ghostscript_9.25~dfsg-3.dsc
9d7dd39fe9df5ab52e2f7bdea6e8070e 132580 text optional ghostscript_9.25~dfsg-3.debian.tar.xz
001ce1e5e9e68a9be4b45c4efffafd7e 11625 text optional ghostscript_9.25~dfsg-3_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----