-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : ghostscript Version : 9.26a~dfsg-0+deb8u4 CVE ID : CVE-2019-10216 Debian Bug : 934638
Netanel reported that the .buildfont1 procedure in Ghostscript, the GPL PostScript/PDF interpreter, does not properly restrict privileged calls, which could result in bypass of file system restrictions of the dSAFER sandbox. For Debian 8 "Jessie", this problem has been fixed in version 9.26a~dfsg-0+deb8u4. We recommend that you upgrade your ghostscript packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEcJymx+vmJZxd92Q+nUbEiOQ2gwIFAl1SfqgACgkQnUbEiOQ2 gwIGSRAAni9loAOTP4P/H2WNbxT6EmSSCuyvOq3yb6vDHX1iUIpijT1fT1BjMwz3 gYhfHkwZXeFsX8rqPp36jJ5sWJdh689fb4AX8o9zCADwqQ9fURrHa9TYT1NctqPv Z1KIUhiMqmb7EBDxuQjEsmaaW01p20oPeE/WxS+mx9jHRy9Zo74urugN0NtDTbl1 R5Pr4qK6S4cXNQHeom6/A2Y/xCNHAiqBB3BiFBZFOL56PSjvx15xrip3ldZeJtM8 W2zhTspWgtaz0B366f/eIMwYAgQvuT60GN8MMGaIQar+n2b+Im/HWsYMQ84/j/At C9tGBL2e6Rs01cfHP4aedg+hbuNpJ5MTpnKTk8SAhYJMsjQ9ml6Y72UK+WqCBfhe 6Fcv98+phzsjSWJgQPX5RX1Gf5FlShYf/Rj1Up6ricKkcaUvSvSEIkoaACnfIyo9 jP918MvNBbHrsmGZ3A60V5vxanHHhMInCNll0WIcWL6Jmk0hQKKdBXCZ5jlsmlcd cnMEnYeU0+lJDEyBpWzfwyPmKZEu+ZrL2VrvusopspWqlx+p2ofAmCB0JqBUhFRa 5+apw2Uhv/Oi5ij7FAcZ6pFduqIsmD3xBc3HmFNtqNNB9E4cRGD/wkEtHQBayZUS Yhojwp8IcqWBp1DU8x2sS2t847SHW3PqgMexYY0DiqU6B/h1LtM= =rLH6 -----END PGP SIGNATURE-----
