-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Sat, 08 Oct 2016 13:30:08 +0200
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common
libgs-dev ghostscript-dbg
Architecture: all source
Version: 9.06~dfsg-2+deb8u2
Distribution: jessie-security
Urgency: high
Maintainer: Debian Printing Team <debian-print...@lists.debian.org>
Changed-By: Salvatore Bonaccorso <car...@debian.org>
Closes: 839118 839260 839841 839845 839846
Description:
ghostscript - interpreter for the PostScript language and for PDF
ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug
symbo
ghostscript-doc - interpreter for the PostScript language and for PDF -
Documentati
ghostscript-x - interpreter for the PostScript language and for PDF - X11
support
libgs-dev - interpreter for the PostScript language and for PDF - Development
libgs9 - interpreter for the PostScript language and for PDF - Library
libgs9-common - interpreter for the PostScript language and for PDF - common
file
Changes:
ghostscript (9.06~dfsg-2+deb8u2) jessie-security; urgency=high
.
* Non-maintainer upload by the Security Team.
* CVE-2013-5653: Information disclosure through getenv, filenameforall
(Closes: #839118)
* CVE-2016-7976: Various userparams allow %pipe% in paths, allowing remote
shell command execution (Closes: #839260)
* CVE-2016-7977: .libfile doesn't check PermitFileReading array, allowing
remote file disclosure (Closes: #839841)
* CVE-2016-7978: reference leak in .setdevice allows use-after-free and
remote code execution (Closes: #839845)
* CVE-2016-7979: type confusion in .initialize_dsc_parser allows remote code
execution (Closes: #839846)
Checksums-Sha1:
b588704da31bacdd39d8673723b000827468a5f9 3015
ghostscript_9.06~dfsg-2+deb8u2.dsc
67365aa74ac2a302e082dc6b2124662a3e08d686 96344
ghostscript_9.06~dfsg-2+deb8u2.debian.tar.xz
3fb2685b8fa3fa1714bf642ce73bf4aabe60e6f2 5067220
ghostscript-doc_9.06~dfsg-2+deb8u2_all.deb
4eac087f729feaa9e3535d7e91d7c8516528bac7 1979836
libgs9-common_9.06~dfsg-2+deb8u2_all.deb
Checksums-Sha256:
f74449c2025e1ca7f97da0f9d875bb00b19c65d8f35a2158f56aae10a455407e 3015
ghostscript_9.06~dfsg-2+deb8u2.dsc
e00a08abdf3e10cbb4a06c9758fc01fe7d5997c4a87c3e2e5ff32545dcec244e 96344
ghostscript_9.06~dfsg-2+deb8u2.debian.tar.xz
d33dd656712051f325116ccfc2932b8fc36473ef8bc376002384bb66825b7fde 5067220
ghostscript-doc_9.06~dfsg-2+deb8u2_all.deb
011526d50434dfc45365cb08a319c15fa9f3738b4ffe58426b26b7a5f4cce9d7 1979836
libgs9-common_9.06~dfsg-2+deb8u2_all.deb
Files:
deecd3c66493c1737b5956ff7fdacd5e 3015 text optional
ghostscript_9.06~dfsg-2+deb8u2.dsc
fcc27764c58d681a71cf82757b2b2e6c 96344 text optional
ghostscript_9.06~dfsg-2+deb8u2.debian.tar.xz
a26fa2eba469b8cbfcdf7c846dfc8082 5067220 doc optional
ghostscript-doc_9.06~dfsg-2+deb8u2_all.deb
5d690f48416c022b1ca3c26e28fe4f26 1979836 libs optional
libgs9-common_9.06~dfsg-2+deb8u2_all.deb
-----BEGIN PGP SIGNATURE-----
iQKPBAEBCgB5BQJX+OKlXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ0NjQ0NDA5ODA4QzE3MUUwNTUzMURERUUw
NTRDQjhGMzEzNDNDRjQ0EhxjYXJuaWxAZGViaWFuLm9yZwAKCRAFTLjzE0PPRLdK
D/9Hb+2bm5pwwARX27BVpLXuUe8fREyHHp54buRYNWpS6sgNoy2tvPlutBwyh3vR
0BJojuPjLh69O2Z5pj1/6MXY1GjnzibWRGwrNuWeI64nNXN4XRAXIohizNjOpNsx
IC/3GaI+Wgy4wUl7vMWAQzfFAcU6MXnIAVRlSV+eG+T9VOxTFeR0poe5W1pAG4Sm
OQlnf/8Ytwwkjx59aChAOyEeiOY3qHEku8b+iwpijHsFHuflJy8MuZs/uVpVksiM
geHZYYRHfcj4C+2CDtk2ZyfadPP2S75tAw58furTAvWRf6d8jY/ZmGEK+nOApfBx
bnLD2L+GXxiVKAhDuQ/Ms5EYO5T7CuU/4uvMdK2abXVT4PKzXhxEXHJfrvBN+oEr
Z7ynDZB6NVM4E8saPfG+A31Rt/fp9KNALg95W74GEKtkUhiy2h6sScyHHW7TUlhX
M7Zv/95dZ/MrDZgYZX9zbffZpQLnaQH6s03w0bHIPwmssaMdUV7tSJdsg41bewmj
Yk+7QD33eJcfsF7t5759fVEFtJGFPPOi3xtNlNX13smby2WyYTFutwJltoRdygrL
ElKyfuoRZTE1m6YFaIt39SjcD03xBS4Zz8hwLyfY4EfLqWhd0ThRaYTaidhL/uUI
NHRbv8Gm+MqBFABiNHF809zFhAhyPDECs6ZcADuYQ4Ta6Q==
=XQEM
-----END PGP SIGNATURE-----
