Accepted ghostscript 9.26a~dfsg-0+deb9u7 (source) into oldstable
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 20 Aug 2020 16:04:00 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source
Version: 9.26a~dfsg-0+deb9u7
Distribution: stretch-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
ghostscript - interpreter for the PostScript language and for PDF
ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
libgs-dev - interpreter for the PostScript language and for PDF - Development
libgs9 - interpreter for the PostScript language and for PDF - Library
libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
ghostscript (9.26a~dfsg-0+deb9u7) stretch-security; urgency=high
.
* Non-maintainer upload by the LTS Security Team.
* CVE-2020-16287: a buffer overflow vulnerability in lprn_is_black() in
contrib/lips4/gdevlprn.c allows a remote attacker to cause a denial of
service via a crafted PDF file.
* CVE-2020-16288: a buffer overflow vulnerability in
pj_common_print_page() in devices/gdevpjet.c allows a remote attacker
to cause a denial of service via a crafted PDF file.
* CVE-2020-16289: a buffer overflow vulnerability in cif_print_page() in
devices/gdevcif.c allows a remote attacker to cause a denial of
service via a crafted PDF file.
* CVE-2020-16290: a buffer overflow vulnerability in
jetp3852_print_page() in devices/gdev3852.c allows a remote attacker
to cause a denial of service via a crafted PDF file.
* CVE-2020-16291: a buffer overflow vulnerability in contrib/gdevdj9.c
allows a remote attacker to cause a denial of service via a crafted
PDF file.
* CVE-2020-16292: a buffer overflow vulnerability in mj_raster_cmd() in
contrib/japanese/gdevmjc.c allows a remote attacker to cause a denial
of service via a crafted PDF file.
* CVE-2020-16293: a null pointer dereference vulnerability in
compose_group_nonknockout_nonblend_isolated_allmask_common() in
base/gxblend.c allows a remote attacker to cause a denial of service
via a crafted PDF file.
* CVE-2020-16294: a buffer overflow vulnerability in epsc_print_page()
in devices/gdevepsc.c allows a remote attacker to cause a denial of
service via a crafted PDF file.
* CVE-2020-16295: a null pointer dereference vulnerability in
clj_media_size() in devices/gdevclj.c allows a remote attacker to
cause a denial of service via a crafted PDF file.
* CVE-2020-16296: a buffer overflow vulnerability in GetNumWrongData()
in contrib/lips4/gdevlips.c allows a remote attacker to cause a denial
of service via a crafted PDF file.
* CVE-2020-16297: a buffer overflow vulnerability in
FloydSteinbergDitheringC() in contrib/gdevbjca.c allows a remote
attacker to cause a denial of service via a crafted PDF file.
* CVE-2020-16298: a buffer overflow vulnerability in mj_color_correct()
in contrib/japanese/gdevmjc.c allows a remote attacker to cause a
denial of service via a crafted PDF file.
* CVE-2020-16299: a Division by Zero vulnerability in bj10v_print_page()
in contrib/japanese/gdev10v.c allows a remote attacker to cause a
denial of service via a crafted PDF file.
* CVE-2020-16300: a buffer overflow vulnerability in tiff12_print_page()
in devices/gdevtfnx.c allows a remote attacker to cause a denial of
service via a crafted PDF file.
* CVE-2020-16301: a buffer overflow vulnerability in
okiibm_print_page1() in devices/gdevokii.c allows a remote attacker to
cause a denial of service via a crafted PDF file.
* CVE-2020-16302: a buffer overflow vulnerability in
jetp3852_print_page() in devices/gdev3852.c allows a remote attacker
to escalate privileges via a crafted PDF file.
* CVE-2020-16303: a use-after-free vulnerability in
xps_finish_image_path() in devices/vector/gdevxps.c allows a remote
attacker to escalate privileges via a crafted PDF file.
* CVE-2020-16304: a buffer overflow vulnerability in
image_render_color_thresh() in base/gxicolor.c allows a remote
attacker to escalate privileges via a crafted eps file.
* CVE-2020-16305: a buffer overflow vulnerability in pcx_write_rle() in
contrib/japanese/gdev10v.c allows a remote attacker to cause a denial
of service via a crafted PDF file.
* CVE-2020-16306: a null pointer dereference vulnerability in
devices/gdevtsep.c allows a remote attacker to cause a denial of
service via a crafted postscript file.
* CVE-2020-16307: a null pointer dereference vulnerability in
devices/vector/gdevtxtw.c and psi/zbfont.c allows a remote attacker to
cause a denial of service via a crafted postscript file.
* CVE-2020-16308: a buffer overflow vulnerability in p_print_image() in
devices/gdevcdj.c allows a remote attacker to cause a denial of
service via a crafted PDF file.
* CVE-2020-16309: a buffer overflow vulnerability in
lxm5700m_print_page() in devices/gdevlxm.c allows a remote attacker to
cause a denial of service via a crafted eps file.
* CVE-2020-16310: a division by zero vulnerability in dot24_print_page()
in devices/gdevdm24.c allows a remote attacker to cause a denial of
service via a crafted PDF file.
* CVE-2020-17538: a buffer overflow vulnerability in GetNumSameData() in
contrib/lips4/gdevlips.c allows a remote attacker to cause a denial of
service via a crafted PDF file.
Checksums-Sha1:
25eea8e669f56ae5c9c5d3660f297ac7b97c5f23 2552 ghostscript_9.26a~dfsg-0+deb9u7.dsc
3bc2fd605063bfd1dcd481b54a81159cb1f33a7e 17614652 ghostscript_9.26a~dfsg.orig.tar.xz
1c11eb6337334a8e3e8a01bcc3c6b1fd881121bf 135688 ghostscript_9.26a~dfsg-0+deb9u7.debian.tar.xz
846ed77683af604791c96801f7cf1b097ec90530 13001 ghostscript_9.26a~dfsg-0+deb9u7_amd64.buildinfo
Checksums-Sha256:
195773f79cb826d6fc3b7328786d0d3cc3a15c93319d412d13949022ba42bb08 2552 ghostscript_9.26a~dfsg-0+deb9u7.dsc
1c3647c42a3f894df22a7a12473f60ff4be38c38ed97232ecfab9b7f3a4fc8f4 17614652 ghostscript_9.26a~dfsg.orig.tar.xz
a06f9c3ccc8c1f2c535fd504cee8fba8923846d88ceec1c009381404851cf25b 135688 ghostscript_9.26a~dfsg-0+deb9u7.debian.tar.xz
5f5c10fc76afef89b034566b8481c0787a5857c8b72b742fe9ec0a90ff041a38 13001 ghostscript_9.26a~dfsg-0+deb9u7_amd64.buildinfo
Files:
e473a7e4f84d20c8f0e5c1bfd18e42d8 2552 text optional ghostscript_9.26a~dfsg-0+deb9u7.dsc
93cc537385e51eee94b96102616e338a 17614652 text optional ghostscript_9.26a~dfsg.orig.tar.xz
218054848e5961421477b60f6e7b20d8 135688 text optional ghostscript_9.26a~dfsg-0+deb9u7.debian.tar.xz
7d6a9769967b32de23a4696b683ee905 13001 text optional ghostscript_9.26a~dfsg-0+deb9u7_amd64.buildinfo
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCgAdFiEEQic8GuN/xDR88HkSj/HLbo2JBZ8FAl8+msUACgkQj/HLbo2J
BZ9KVAf/YbJdtOSp6TAWKVVF3N3JzNyLJGHxH98xlHqYRSIIgxFRkJ1U+1htydyi
llp/SIfhLVjwN8NMv0vdcUvytCwiQm7EKw+bVXsa5i7PHk8CmuvZGADMaKryg/ll
Q8zNXiDM4IXTNDUmKaZgZXQZOXH5ENpMfrikOwK1g8mLmJLQRLk3/4tCOqNiJHVX
tgI92Bm6ahEf0Yj/+femFL0+Vat2OW4LUhP4TA+jdC4jC/tMvokkz7qSY0VQ8Ew5
gAVch3l3wMQo5eh9VzRosV2bPnySOlMPeMl7gSC+DiHCbowRM8vJu9AB3Rxi3RP1
Zobwwz3eczD2dQGFy3wOgK0kxei6/w==
=LHQq
-----END PGP SIGNATURE-----