Back to ghostscript PTS page

Accepted ghostscript 9.26a~dfsg-0+deb9u7 (source) into oldstable

To: dispatch@tracker.debian.org, debian-lts-changes@lists.debian.org
Subject: Accepted ghostscript 9.26a~dfsg-0+deb9u7 (source) into oldstable
From: Debian FTP Masters <ftpmaster@ftp-master.debian.org>
Date: Thu, 20 Aug 2020 16:10:13 +0000
Mail-followup-to: debian-lts@lists.debian.org
Message-id: <E1k8n8n-0006il-SM@seger.debian.org>
Reply-to: debian-lts@lists.debian.org
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 20 Aug 2020 16:04:00 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source
Version: 9.26a~dfsg-0+deb9u7
Distribution: stretch-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
 ghostscript (9.26a~dfsg-0+deb9u7) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2020-16287: a buffer overflow vulnerability in lprn_is_black() in
     contrib/lips4/gdevlprn.c allows a remote attacker to cause a denial of
     service via a crafted PDF file.
   * CVE-2020-16288: a buffer overflow vulnerability in
     pj_common_print_page() in devices/gdevpjet.c allows a remote attacker
     to cause a denial of service via a crafted PDF file.
   * CVE-2020-16289: a buffer overflow vulnerability in cif_print_page() in
     devices/gdevcif.c allows a remote attacker to cause a denial of
     service via a crafted PDF file.
   * CVE-2020-16290: a buffer overflow vulnerability in
     jetp3852_print_page() in devices/gdev3852.c allows a remote attacker
     to cause a denial of service via a crafted PDF file.
   * CVE-2020-16291: a buffer overflow vulnerability in contrib/gdevdj9.c
     allows a remote attacker to cause a denial of service via a crafted
     PDF file.
   * CVE-2020-16292: a buffer overflow vulnerability in mj_raster_cmd() in
     contrib/japanese/gdevmjc.c allows a remote attacker to cause a denial
     of service via a crafted PDF file.
   * CVE-2020-16293: a null pointer dereference vulnerability in
     compose_group_nonknockout_nonblend_isolated_allmask_common() in
     base/gxblend.c allows a remote attacker to cause a denial of service
     via a crafted PDF file.
   * CVE-2020-16294: a buffer overflow vulnerability in epsc_print_page()
     in devices/gdevepsc.c allows a remote attacker to cause a denial of
     service via a crafted PDF file.
   * CVE-2020-16295: a null pointer dereference vulnerability in
     clj_media_size() in devices/gdevclj.c allows a remote attacker to
     cause a denial of service via a crafted PDF file.
   * CVE-2020-16296: a buffer overflow vulnerability in GetNumWrongData()
     in contrib/lips4/gdevlips.c allows a remote attacker to cause a denial
     of service via a crafted PDF file.
   * CVE-2020-16297: a buffer overflow vulnerability in
     FloydSteinbergDitheringC() in contrib/gdevbjca.c allows a remote
     attacker to cause a denial of service via a crafted PDF file.
   * CVE-2020-16298: a buffer overflow vulnerability in mj_color_correct()
     in contrib/japanese/gdevmjc.c allows a remote attacker to cause a
     denial of service via a crafted PDF file.
   * CVE-2020-16299: a Division by Zero vulnerability in bj10v_print_page()
     in contrib/japanese/gdev10v.c allows a remote attacker to cause a
     denial of service via a crafted PDF file.
   * CVE-2020-16300: a buffer overflow vulnerability in tiff12_print_page()
     in devices/gdevtfnx.c allows a remote attacker to cause a denial of
     service via a crafted PDF file.
   * CVE-2020-16301: a buffer overflow vulnerability in
     okiibm_print_page1() in devices/gdevokii.c allows a remote attacker to
     cause a denial of service via a crafted PDF file.
   * CVE-2020-16302: a buffer overflow vulnerability in
     jetp3852_print_page() in devices/gdev3852.c allows a remote attacker
     to escalate privileges via a crafted PDF file.
   * CVE-2020-16303: a use-after-free vulnerability in
     xps_finish_image_path() in devices/vector/gdevxps.c allows a remote
     attacker to escalate privileges via a crafted PDF file.
   * CVE-2020-16304: a buffer overflow vulnerability in
     image_render_color_thresh() in base/gxicolor.c allows a remote
     attacker to escalate privileges via a crafted eps file.
   * CVE-2020-16305: a buffer overflow vulnerability in pcx_write_rle() in
     contrib/japanese/gdev10v.c allows a remote attacker to cause a denial
     of service via a crafted PDF file.
   * CVE-2020-16306: a null pointer dereference vulnerability in
     devices/gdevtsep.c allows a remote attacker to cause a denial of
     service via a crafted postscript file.
   * CVE-2020-16307: a null pointer dereference vulnerability in
     devices/vector/gdevtxtw.c and psi/zbfont.c allows a remote attacker to
     cause a denial of service via a crafted postscript file.
   * CVE-2020-16308: a buffer overflow vulnerability in p_print_image() in
     devices/gdevcdj.c allows a remote attacker to cause a denial of
     service via a crafted PDF file.
   * CVE-2020-16309: a buffer overflow vulnerability in
     lxm5700m_print_page() in devices/gdevlxm.c allows a remote attacker to
     cause a denial of service via a crafted eps file.
   * CVE-2020-16310: a division by zero vulnerability in dot24_print_page()
     in devices/gdevdm24.c allows a remote attacker to cause a denial of
     service via a crafted PDF file.
   * CVE-2020-17538: a buffer overflow vulnerability in GetNumSameData() in
     contrib/lips4/gdevlips.c allows a remote attacker to cause a denial of
     service via a crafted PDF file.
Checksums-Sha1:
 25eea8e669f56ae5c9c5d3660f297ac7b97c5f23 2552 ghostscript_9.26a~dfsg-0+deb9u7.dsc
 3bc2fd605063bfd1dcd481b54a81159cb1f33a7e 17614652 ghostscript_9.26a~dfsg.orig.tar.xz
 1c11eb6337334a8e3e8a01bcc3c6b1fd881121bf 135688 ghostscript_9.26a~dfsg-0+deb9u7.debian.tar.xz
 846ed77683af604791c96801f7cf1b097ec90530 13001 ghostscript_9.26a~dfsg-0+deb9u7_amd64.buildinfo
Checksums-Sha256:
 195773f79cb826d6fc3b7328786d0d3cc3a15c93319d412d13949022ba42bb08 2552 ghostscript_9.26a~dfsg-0+deb9u7.dsc
 1c3647c42a3f894df22a7a12473f60ff4be38c38ed97232ecfab9b7f3a4fc8f4 17614652 ghostscript_9.26a~dfsg.orig.tar.xz
 a06f9c3ccc8c1f2c535fd504cee8fba8923846d88ceec1c009381404851cf25b 135688 ghostscript_9.26a~dfsg-0+deb9u7.debian.tar.xz
 5f5c10fc76afef89b034566b8481c0787a5857c8b72b742fe9ec0a90ff041a38 13001 ghostscript_9.26a~dfsg-0+deb9u7_amd64.buildinfo
Files:
 e473a7e4f84d20c8f0e5c1bfd18e42d8 2552 text optional ghostscript_9.26a~dfsg-0+deb9u7.dsc
 93cc537385e51eee94b96102616e338a 17614652 text optional ghostscript_9.26a~dfsg.orig.tar.xz
 218054848e5961421477b60f6e7b20d8 135688 text optional ghostscript_9.26a~dfsg-0+deb9u7.debian.tar.xz
 7d6a9769967b32de23a4696b683ee905 13001 text optional ghostscript_9.26a~dfsg-0+deb9u7_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl8+msUACgkQj/HLbo2J
BZ9KVAf/YbJdtOSp6TAWKVVF3N3JzNyLJGHxH98xlHqYRSIIgxFRkJ1U+1htydyi
llp/SIfhLVjwN8NMv0vdcUvytCwiQm7EKw+bVXsa5i7PHk8CmuvZGADMaKryg/ll
Q8zNXiDM4IXTNDUmKaZgZXQZOXH5ENpMfrikOwK1g8mLmJLQRLk3/4tCOqNiJHVX
tgI92Bm6ahEf0Yj/+femFL0+Vat2OW4LUhP4TA+jdC4jC/tMvokkz7qSY0VQ8Ew5
gAVch3l3wMQo5eh9VzRosV2bPnySOlMPeMl7gSC+DiHCbowRM8vJu9AB3Rxi3RP1
Zobwwz3eczD2dQGFy3wOgK0kxei6/w==
=LHQq
-----END PGP SIGNATURE-----