-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Fri, 28 Apr 2017 10:32:58 +0200 Source: ghostscript Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg Architecture: all source Version: 9.06~dfsg-2+deb8u5 Distribution: jessie-security Urgency: high Maintainer: Debian Printing Team <debian-printing@lists.debian.org> Changed-By: Salvatore Bonaccorso <carnil@debian.org> Closes: 858350 859666 859694 859696 861295 Description: ghostscript - interpreter for the PostScript language and for PDF ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati ghostscript-x - interpreter for the PostScript language and for PDF - X11 support libgs-dev - interpreter for the PostScript language and for PDF - Development libgs9 - interpreter for the PostScript language and for PDF - Library libgs9-common - interpreter for the PostScript language and for PDF - common file Changes: ghostscript (9.06~dfsg-2+deb8u5) jessie-security; urgency=high . * Non-maintainer upload by the Security Team. * Avoid divide by 0 in scan conversion code (CVE-2016-10219) (Closes: #859666) * fix crash with bad data supplied to makeimagedevice (CVE-2016-10220) (Closes: #859694) * use the correct param list enumerator (CVE-2017-5951) (Closes: #859696) * Ensure a device has raster memory, before trying to read it (CVE-2017-7207) (Closes: #858350) * -dSAFER bypass and remote command execution via a "/OutputFile (%pipe%" substring (CVE-2017-8291) (Closes: #861295) Checksums-Sha1: 8f7c4346fe47fea21650056086bda263db9d6872 3044 ghostscript_9.06~dfsg-2+deb8u5.dsc e25ca1fd6c73d41ac2aaebd8c531a66317251713 99820 ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz a273d08977e14bdfc3a79bb96facbff938257629 5067584 ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb 88574e4609644e4ae7f8533b03c3180fe0744aed 1979830 libgs9-common_9.06~dfsg-2+deb8u5_all.deb Checksums-Sha256: 16a0d747448b2218b32a4b2bc10f5889487f24c560ab30cffd032f12e4b7dfe5 3044 ghostscript_9.06~dfsg-2+deb8u5.dsc a8669894aa36a27a7cb377d534ea3b18e521b3cad081061b38efa4d053752b8f 99820 ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz 277197c6bcec09f21fb5b5db572dc06b7de530003ba4d57185b63b9704e002b5 5067584 ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb 2fad4b983c3e377831bdbb41b2931b7801a5852af5e990dd73f25f0b1dedd206 1979830 libgs9-common_9.06~dfsg-2+deb8u5_all.deb Files: cd42658d6bb92c53893b6cc074447dd7 3044 text optional ghostscript_9.06~dfsg-2+deb8u5.dsc 947cd7155561de35b402acc790acdc92 99820 text optional ghostscript_9.06~dfsg-2+deb8u5.debian.tar.xz 86512a2ba1ae1616e1f684b8bed65638 5067584 doc optional ghostscript-doc_9.06~dfsg-2+deb8u5_all.deb 14dd4974786b18da1e7baa84714f0509 1979830 libs optional libgs9-common_9.06~dfsg-2+deb8u5_all.deb -----BEGIN PGP SIGNATURE----- iQKmBAEBCgCQFiEERkRAmAjBceBVMd3uBUy48xNDz0QFAlkDAKJfFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDQ2 NDQ0MDk4MDhDMTcxRTA1NTMxRERFRTA1NENCOEYzMTM0M0NGNDQSHGNhcm5pbEBk ZWJpYW4ub3JnAAoJEAVMuPMTQ89EMMoP/jOPsBQ2cXbxTb8ZbG3O8ZMPOyhWigVH qq3gGgYXTWRez6NdSSGHNjiDCUX0NppYfiW0OqRnAAv0E1ypYQsqk/M2LBTkhMRy D/oYFlZ2/B8RSo4/tQwCHxeUagj/AvaH7Pc6Zqf+njakhu6csz7vm2wJyAXVF/8V wOIBTu3+61SGUijfDkXruBX3HuHTx1m53ijd73McdmmkSl6Ygs7HBjb2cfEFEDvM BWBe6BpzVE4vzcxK+7SzLJoBgOrb50Df5ZaGdPRDcFQDMlPzmvTR8NEMFY6GIc9z KuGDe1E+uCGGM8F+uR0xPHYlAQSkk3W6nAPNV+XunTanNuk682I29NKmSjNFQGDO CztBciB1Ir8oK2mPfVWT/VIXuaNU4YvlOD/4dbwoXrOmWHsCbT9UsZuSkWw8niN9 /6nnD3vlQQEFkV3r0q8+VTAjf79WmI78tYE07jaj78ISbfzSJQW4DfDw3dmUnF3w tVd9FX5PuWbj3EDnZvNVCkKi2lfNDU2BjqcT01NNOP+8E3tv3eIWuHCAMquTA6cQ nouXe06AiBOxhKZh+lYkvJHJ9u4vZzleesqTDhfeMX0O7XHLOKVUW0FH5QQDx4To OX5fkqwVmKCTqhWYVbzzPKvOnVNf0ZqyPGZgQe72a/Svfdk7363P9Uq4JielNjxV ocbK4QPHpt9g =RoV4 -----END PGP SIGNATURE-----