-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Thu, 20 Aug 2020 16:04:00 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source
Version: 9.26a~dfsg-0+deb9u7
Distribution: stretch-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Sylvain Beucler <beuc@debian.org>
Description:
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev - interpreter for the PostScript language and for PDF - Development
 libgs9 - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
 ghostscript (9.26a~dfsg-0+deb9u7) stretch-security; urgency=high
 .
   * Non-maintainer upload by the LTS Security Team.
   * CVE-2020-16287: a buffer overflow vulnerability in lprn_is_black() in
     contrib/lips4/gdevlprn.c allows a remote attacker to cause a denial of
     service via a crafted PDF file.
   * CVE-2020-16288: a buffer overflow vulnerability in
     pj_common_print_page() in devices/gdevpjet.c allows a remote attacker
     to cause a denial of service via a crafted PDF file.
   * CVE-2020-16289: a buffer overflow vulnerability in cif_print_page() in
     devices/gdevcif.c allows a remote attacker to cause a denial of service
     via a crafted PDF file.
   * CVE-2020-16290: a buffer overflow vulnerability in
     jetp3852_print_page() in devices/gdev3852.c allows a remote attacker to
     cause a denial of service via a crafted PDF file.
   * CVE-2020-16291: a buffer overflow vulnerability in contrib/gdevdj9.c
     allows a remote attacker to cause a denial of service via a crafted PDF
     file.
   * CVE-2020-16292: a buffer overflow vulnerability in mj_raster_cmd() in
     contrib/japanese/gdevmjc.c allows a remote attacker to cause a denial
     of service via a crafted PDF file.
   * CVE-2020-16293: a null pointer dereference vulnerability in
     compose_group_nonknockout_nonblend_isolated_allmask_common() in
     base/gxblend.c allows a remote attacker to cause a denial of service
     via a crafted PDF file.
   * CVE-2020-16294: a buffer overflow vulnerability in epsc_print_page() in
     devices/gdevepsc.c allows a remote attacker to cause a denial of
     service via a crafted PDF file.
   * CVE-2020-16295: a null pointer dereference vulnerability in
     clj_media_size() in devices/gdevclj.c allows a remote attacker to cause
     a denial of service via a crafted PDF file.
   * CVE-2020-16296: a buffer overflow vulnerability in GetNumWrongData() in
     contrib/lips4/gdevlips.c allows a remote attacker to cause a denial of
     service via a crafted PDF file.
   * CVE-2020-16297: a buffer overflow vulnerability in
     FloydSteinbergDitheringC() in contrib/gdevbjca.c allows a remote
     attacker to cause a denial of service via a crafted PDF file.
   * CVE-2020-16298: a buffer overflow vulnerability in mj_color_correct()
     in contrib/japanese/gdevmjc.c allows a remote attacker to cause a
     denial of service via a crafted PDF file.
   * CVE-2020-16299: a Division by Zero vulnerability in bj10v_print_page()
     in contrib/japanese/gdev10v.c allows a remote attacker to cause a
     denial of service via a crafted PDF file.
   * CVE-2020-16300: a buffer overflow vulnerability in tiff12_print_page()
     in devices/gdevtfnx.c allows a remote attacker to cause a denial of
     service via a crafted PDF file.
   * CVE-2020-16301: a buffer overflow vulnerability in okiibm_print_page1()
     in devices/gdevokii.c allows a remote attacker to cause a denial of
     service via a crafted PDF file.
   * CVE-2020-16302: a buffer overflow vulnerability in
     jetp3852_print_page() in devices/gdev3852.c allows a remote attacker to
     escalate privileges via a crafted PDF file.
   * CVE-2020-16303: a use-after-free vulnerability in
     xps_finish_image_path() in devices/vector/gdevxps.c allows a remote
     attacker to escalate privileges via a crafted PDF file.
   * CVE-2020-16304: a buffer overflow vulnerability in
     image_render_color_thresh() in base/gxicolor.c allows a remote attacker
     to escalate privileges via a crafted eps file.
   * CVE-2020-16305: a buffer overflow vulnerability in pcx_write_rle() in
     contrib/japanese/gdev10v.c allows a remote attacker to cause a denial
     of service via a crafted PDF file.
   * CVE-2020-16306: a null pointer dereference vulnerability in
     devices/gdevtsep.c allows a remote attacker to cause a denial of
     service via a crafted postscript file.
   * CVE-2020-16307: a null pointer dereference vulnerability in
     devices/vector/gdevtxtw.c and psi/zbfont.c allows a remote attacker to
     cause a denial of service via a crafted postscript file.
   * CVE-2020-16308: a buffer overflow vulnerability in p_print_image() in
     devices/gdevcdj.c allows a remote attacker to cause a denial of service
     via a crafted PDF file.
   * CVE-2020-16309: a buffer overflow vulnerability in
     lxm5700m_print_page() in devices/gdevlxm.c allows a remote attacker to
     cause a denial of service via a crafted eps file.
   * CVE-2020-16310: a division by zero vulnerability in dot24_print_page()
     in devices/gdevdm24.c allows a remote attacker to cause a denial of
     service via a crafted PDF file.
   * CVE-2020-17538: a buffer overflow vulnerability in GetNumSameData() in
     contrib/lips4/gdevlips.c allows a remote attacker to cause a denial of
     service via a crafted PDF file.