-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Tue, 01 Aug 2017 09:38:25 +0200
Source: ghostscript
Binary: ghostscript ghostscript-cups ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source all amd64
Version: 9.05~dfsg-6.3+deb7u7
Distribution: wheezy-security
Urgency: high
Maintainer: Debian Printing Team <debian-printing@lists.debian.org>
Changed-By: Markus Koschany <apo@debian.org>
Description:
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-cups - interpreter for the PostScript language and for PDF - CUPS filter
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
 ghostscript (9.05~dfsg-6.3+deb7u7) wheezy-security; urgency=high
 .
   * Non-maintainer upload by the LTS team.
   * CVE-2017-9835: Lack of an integer overflow check in base/gsalloc.c allows
     remote attackers to cause a denial of service (heap-based buffer overflow
     and application crash)
   * CVE-2017-9739: The Ins_JMPR function in base/ttinterp.c allows remote
     attackers to cause a denial of service (heap-based buffer over-read and
     application crash) or possibly have unspecified other impact via a crafted
     document.
   * CVE-2017-9727: The gx_ttfReader__Read function in base/gxttfb.c allows
     remote attackers to cause a denial of service (heap-based buffer over-read
     and application crash) or possibly have unspecified other impact via a
     crafted document.
   * CVE-2017-9726: The Ins_MDRP function in base/ttinterp.c allows remote
     attackers to cause a denial of service (heap-based buffer over-read and
     application crash) or possibly have unspecified other impact via a crafted
     document.
   * CVE-2017-9612: The Ins_IP function in base/ttinterp.c allows remote
     attackers to cause a denial of service (use-after-free and application
     crash) or possibly have unspecified other impact via a crafted document.
   * CVE-2017-9611: The Ins_MIRP function in base/ttinterp.c allows remote
     attackers to cause a denial of service (heap-based buffer over-read and
     application crash) or possibly have unspecified other impact via a crafted
     document.
   * CVE-2017-7207: The mem_get_bits_rectangle function allows remote attackers
     to cause a denial of service (NULL pointer dereference) via a crafted
     PostScript document.
   * CVE-2017-11714: psi/ztoken.c mishandles references to the scanner state
     structure, which allows remote attackers to cause a denial of service
     (application crash) or possibly have unspecified other impact via a
     crafted PostScript document, related to an out-of-bounds read in the
     igc_reloc_struct_ptr function in psi/igc.c.
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----