Format: 1.8
Date: Thu, 27 Oct 2016 13:25:52 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: all source
Version: 9.19~dfsg-3.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Salvatore Bonaccorso <carnil@debian.org>
Closes: 839118 839260 839841 839845 839846 840451
Description:
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev - interpreter for the PostScript language and for PDF - Development
 libgs9 - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
 ghostscript (9.19~dfsg-3.1) unstable; urgency=medium
 .
   * Non-maintainer upload.
   * CVE-2013-5653: Information disclosure through getenv, filenameforall
     (Closes: #839118)
   * CVE-2016-7976: Various userparams allow %pipe% in paths, allowing remote
     shell command execution (Closes: #839260)
   * CVE-2016-7977: .libfile doesn't check PermitFileReading array, allowing
     remote file disclosure (Closes: #839841)
   * CVE-2016-7978: reference leak in .setdevice allows use-after-free and
     remote code execution (Closes: #839845)
   * CVE-2016-7979: type confusion in .initialize_dsc_parser allows remote code
     execution (Closes: #839846)
   * CVE-2016-8602: check for sufficient params in .sethalftone5 and param
     types (Closes: #840451)
   * Add 840691-Fix-.locksafe.patch patch.
     Fixes regression seen with zathura and evince.
     Fix .locksafe. We need to .forceput the definition of getenv into
     systemdict.
     Thanks to Edgar Fuß <ef@math.uni-bonn.de>