Accepted ghostscript 9.25~dfsg-0+deb9u1 (source) into proposed-updates->stable-new, proposed-updates



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 08 Nov 2018 16:06:47 +0100
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source
Version: 9.25~dfsg-0+deb9u1
Distribution: stretch-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 909076 909929 910758 911175
Description: 
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
 ghostscript (9.25~dfsg-0+deb9u1) stretch-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * New upstream version 9.25~dfsg
     + Fixes regression using ps2ascii after fix for CVE-2018-17183
       (Closes: #909076)
     + status operator honour SAFER option (CVE-2018-11645)
   * Drop patches applied upstream
   * Rebase 2001_docdir_fix_for_debian.patch for 9.25
   * Rebase 2010_add_build_timestamp_setting.patch for 9.25
   * Add patches cherry-picked upstream to fix execution issues.
     + Implement .currentoutputdevice operator
     + Change "executeonly" to throw typecheck on gstatetype and
       devicetype objects
     + Undefine some additional internal operators.
     + Fix handling of .needinput if used from interpreter
     + Ensure all errors are included from initialization
     + setundercolorremoval memory corruption
     + copydevice fails after stack device copies invalidated
     + add operand checking to .setnativefontmapbuilt
     + add object type check for AES key
     + Add parameter type checking on .bigstring
     + zparse_dsc_comments can crash with invalid dsc_state
     + Catch errors in setpagesize, .setpagesize and setpagedevice and
       cleanup
     + Catch errors and cleanup stack on statusdict page size definitions
     + Add parameter checking in setresolution
     + device subclass open_device call must return child code
     + fix DSC comment parsing in pdfwrite
     + Check all uses of dict_find* to ensure 0 return properly handled
     + permit Mod and CreDate pdfmarks in PDF 2.0 in pdfwrite
     + Avoid overrunning non terminated string buffer.
     + Prevent SEGV in gs_setdevice_no_erase.
     + Fix uninitialised value for render_cond.
     + Hide the .needinput operator
     + filenameforall calls bad iodev with insufficient scratch
     + Improve hiding of security critical custom operators (CVE-2018-17961)
       (Closes: #911175)
     + Prevent SEGV after calling gs_image_class_1_simple.
     + don't push userdict in preparation for Type 1 fonts
     + add control over hiding error handlers. (Closes: #909929)
     + For hidden operators, pass a name object to error handler.
       (CVE-2018-17961) (Closes: #911175)
     + Explicitly exclude /unknownerror from the SAFERERRORLIST
     + don't include operator arrays in execstack output (CVE-2018-18073)
       (Closes: #910758)
     + Make .forceput unavailable from '.policyprocs' helper dictionary
       (CVE-2018-18284) (Closes: #911175)
     + .loadfontloop must be an operator (CVE-2018-17961) (Closes: #911175)
     + font parsing - prevent SEGV in .cffparse
   * openjpeg allocator must return NULL if size too large
   * debian/copyright: Refresh with version from 9.25~dfsg-5
   * debian/libgs9.symbols: Update (and sync from 9.25~dfsg-5) for new version.
     Adjust version for errorexec_find@Base.
   * Fix cups get/put_params LeadingEdge logic (cf. #912664)
   * Avoid privacy breach linking documentation to jquery:
     + Add patch 2009 to use local jquery.
     + Add symlink from relative link to system-shared jquery library.
     + Have ghostscript-doc depend on libjs-jquery.
   * Avoid privacy breach linking documentation to font:
     + Avoid linking to remote fonts in documentation.
   * Avoid privacy breach linking documentation with Google:
     + Strip googletagmanager code from documentation.
Checksums-Sha1: 
 a910badd9afac7e88fe65995e792484b464e36c2 3045 ghostscript_9.25~dfsg-0+deb9u1.dsc
 6801ed2321af28a60cad6b39da07813b9d4c8840 17577772 ghostscript_9.25~dfsg.orig.tar.xz
 cb221bbac610e0e8ca5341a645ebfdc32471c03b 133696 ghostscript_9.25~dfsg-0+deb9u1.debian.tar.xz
Checksums-Sha256: 
 49fb3b6417caf26e4c8a5388fece0282c1b55b9e87a7b870ae1e5aaa750cae9d 3045 ghostscript_9.25~dfsg-0+deb9u1.dsc
 d35949fe5c4e827d9468f29d395dd05c273d2482c703259084c8aff0a0ca6d82 17577772 ghostscript_9.25~dfsg.orig.tar.xz
 63fae22e1a4d94674f00fd6fad9dc18b349fd45c82c26466ee327ea089436e39 133696 ghostscript_9.25~dfsg-0+deb9u1.debian.tar.xz
Files: 
 6aa5e0f4b8120b49bde3589a728bf2f5 3045 text optional ghostscript_9.25~dfsg-0+deb9u1.dsc
 f9b9532d6bf70b615824293e7557a623 17577772 text optional ghostscript_9.25~dfsg.orig.tar.xz
 4a88adaa015a040acb87908693e5eb39 133696 text optional ghostscript_9.25~dfsg-0+deb9u1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----