Public bug reported: Scheduled-For: ubuntu-25.11 Ubuntu: 10.05.0dfsg1-0ubuntu4 Debian Unstable: 10.06.0~dfsg-3
The current version in Ubuntu went ahead of Debian in the past, so this package may be diverged from Debian and require more review than usual to get back to mergeability. If this package should not be considered for merges or syncs in the future, you may wish to consider adding it to the `sync-blocklist` at: https://code.launchpad.net/~ubuntu-archive/+git/sync-blocklist A new release of ghostscript is available for merging from Debian Unstable. If it turns out this needs a sync rather than a merge, please change the tagging from ['dcr-merge'] to ['dcr-sync'], and (optionally) update the title as desired. If this merge pulls in a new upstream version, also consider adding an entry to the resolute Release Notes: https://discourse.ubuntu.com/t/resolute-raccoon-release-notes/ ### New Debian Changes ### ghostscript (10.06.0~dfsg-3) unstable; urgency=medium [ Steve Robbins ] * [703426f] Remove -Werror=declaration-after-statement to fix build on armhf. * [9258e4c] Fix two booleans that were meant to be integers -- Steve M. Robbins <[email protected]> Tue, 30 Sep 2025 19:08:44 -0500 ghostscript (10.06.0~dfsg-2) unstable; urgency=medium [ Steve Robbins ] * [f3af481] Patch calls to check_64bit_multiply(). * [da00d5b] Wrap overlong changelog line. -- Steve M. Robbins <[email protected]> Mon, 29 Sep 2025 21:47:31 -0500 ghostscript (10.06.0~dfsg-1) unstable; urgency=medium * New upstream version - Closes: #1116443, #1116444. * Standards-Version: 4.7.2 (routine-update) * Reorder sequence of d/control fields by cme (routine-update) * Remove trailing whitespace in debian/changelog (routine-update) Update lintian override info format in d/source/lintian-overrides on line 2-12, 15. * [c267038] Remove patches applied upstream -- Steve M. Robbins <[email protected]> Mon, 29 Sep 2025 08:37:38 -0500 ghostscript (10.05.1~dfsg-3) unstable; urgency=medium [ Steve Robbins ] * [fb1ee5b] Fixes for C23. * [4a94390] Additional fixes for C23. Closes: #1096702 -- Steve M. Robbins <[email protected]> Sat, 06 Sep 2025 21:25:01 -0500 ghostscript (10.05.1~dfsg-2) unstable; urgency=medium [ Steve Robbins ] * [a7443cd] Upstream fix for CVE-2025-7462. Closes: #1109270. * [510df70] Apply upstream patch that closes: #1101348. -- Steve M. Robbins <[email protected]> Sun, 24 Aug 2025 14:57:41 -0500 ghostscript (10.05.1~dfsg-1) unstable; urgency=medium [ Steve Robbins ] * [592d479] New upstream version 10.05.1~dfsg -- Steve M. Robbins <[email protected]> Sun, 04 May 2025 21:32:27 -0500 ### Old Ubuntu Delta ### ghostscript (10.05.0dfsg1-0ubuntu4) questing; urgency=medium * SECURITY UPDATE: null pointer deref on file write failure - debian/patches/CVE-2025-7462.patch: catch a null file pointer closing pdfwrite in devices/vector/gdevpdf.c. - CVE-2025-7462 * SECURITY UPDATE: stack overflow in pdf_write_cmap - debian/patches/CVE-2025-59798.patch: use dynamically allocated buffer and check return codes in devices/vector/gdevpdtw.c. - CVE-2025-59798 * SECURITY UPDATE: stack overflow in pdfmark_coerce_dest - debian/patches/CVE-2025-59799.patch: bounds check some strings in devices/vector/gdevpdfm.c. - CVE-2025-59799 * SECURITY UPDATE: heap overflow in ocr_begin_page - debian/patches/CVE-2025-59800.patch: fix int overflow in devices/gdevpdfocr.c. - CVE-2025-59800 -- Marc Deslauriers <[email protected]> Thu, 25 Sep 2025 12:14:26 -0400 ghostscript (10.05.0dfsg1-0ubuntu3) questing; urgency=medium * Build with -std=gnu17 to avoid FTBFS with GCC 15 (LP: #2124948) -- Graham Inggs <[email protected]> Wed, 24 Sep 2025 14:24:58 +0000 ghostscript (10.05.0dfsg1-0ubuntu2) questing; urgency=medium * SECURITY UPDATE: Information Leak - debian/patches/CVE-2025-48708.patch: Argument sanitization handle '#' as per '=' - CVE-2025-48708 -- Bruce Cable <[email protected]> Thu, 03 Jul 2025 15:29:54 +1000 ghostscript (10.05.0dfsg1-0ubuntu1) plucky; urgency=low * New upstream version 10.05.0dfsg1 -- Till Kamppeter <[email protected]> Wed, 12 Mar 2025 22:22:22 +0100 ghostscript (10.05.0~rc1~dfsg1-0ubuntu1) plucky; urgency=low * New upstream version 10.05.0~rc1~dfsg1 * Refreshed patches. * Removed use of sphinxcontrib.googleanalytics Sphinx extension, the extension is not available in Ubuntu. -- Till Kamppeter <[email protected]> Thu, 20 Feb 2025 18:35:22 +0100 ghostscript (10.04.0~dfsg1-2ubuntu1) plucky; urgency=low * Merge from Debian unstable. Remaining changes: - New re-packaging of Ghostscript 10.04.0, keeping the leptonica and tesseract convenience copies in as they are not in Ubuntu Main. Added appropriate remark to debian/copyright. - Also keep the lcms2mt convenience copy as it is heavily patched by Ghostscript's upstream developers, especially for multi-threading (mt) support. - Do not compile with Neon FPU support on 32-bit ARM (see also Debian bug #1012254). Otherwise we get FTBFS on armhf. * Drop CVE* patches, included upstream. * Refreshed remaining patches with quilt. -- Till Kamppeter <[email protected]> Thu, 13 Feb 2025 22:22:22 +0100 ** Affects: ghostscript (Ubuntu) Importance: Undecided Status: New ** Tags: dcr-merge ** Changed in: ghostscript (Ubuntu) Milestone: None => ubuntu-25.11 -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2130127 Title: Merge ghostscript from Debian Unstable for resolute To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/2130127/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
