This bug was fixed in the package ghostscript - 10.06.0~dfsg-3ubuntu1
---------------
ghostscript (10.06.0~dfsg-3ubuntu1) resolute; urgency=medium

  * Merge with Debian unstable (LP: #2130127). Remaining changes:
    - New re-packaging of Ghostscript 10.06.0, keeping the leptonica and
      tesseract convenience copies in as they are not in Ubuntu Main. Added
      appropriate remark to debian/copyright.
    - Also keep the lcms2mt convenience copy as it is heavily patched by
      Ghostscript's upstream developers, especially for multi-threading
      (mt) support.
    - Do not compile with Neon FPU support on 32-bit ARM (see also Debian bug
      #1012254). Otherwise we get FTBFS on armhf.
  * Dropped delta merged upstream:
    - Removed use of sphinxcontrib.googleanalytics Sphinx extension, the
      extension is not available in Ubuntu.
    - SECURITY UPDATE: Information Leak
      debian/patches/CVE-2025-48708.patch: Argument sanitization handle '#' as
      per '='
      CVE-2025-48708
    - SECURITY UPDATE: null pointer deref on file write failure
      debian/patches/CVE-2025-7462.patch: catch a null file pointer closing
      pdfwrite in devices/vector/gdevpdf.c.
      CVE-2025-7462
    - SECURITY UPDATE: stack overflow in pdf_write_cmap
      debian/patches/CVE-2025-59798.patch: use dynamically allocated buffer
      and check return codes in devices/vector/gdevpdtw.c.
      CVE-2025-59798
    - SECURITY UPDATE: stack overflow in pdfmark_coerce_dest
      debian/patches/CVE-2025-59799.patch: bounds check some strings in
      devices/vector/gdevpdfm.c.
      CVE-2025-59799
    - SECURITY UPDATE: heap overflow in ocr_begin_page
      debian/patches/CVE-2025-59800.patch: fix int overflow in
      devices/gdevpdfocr.c.
      CVE-2025-59800
    - Build with -std=gnu17 to avoid FTBFS with GCC 15 (LP #2124948)
  * Build with fpic to avoid FTBFS

 -- Simon Poirier <[email protected]>  Tue, 27 Jan 2026 22:07:12 -0500

** Changed in: ghostscript (Ubuntu)
Status: In Progress => Fix Released
** CVE added: https://cve.org/CVERecord?id=CVE-2025-48708
** CVE added: https://cve.org/CVERecord?id=CVE-2025-59798
** CVE added: https://cve.org/CVERecord?id=CVE-2025-59799
** CVE added: https://cve.org/CVERecord?id=CVE-2025-59800
** CVE added: https://cve.org/CVERecord?id=CVE-2025-7462
--
https://bugs.launchpad.net/bugs/2130127
Title:
Merge ghostscript from Debian Unstable for resolute