[ubuntu/eoan-proposed] ghostscript 9.27~dfsg+0-0ubuntu3 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Thu Sep 12 11:48:15 UTC 2019 

ghostscript (9.27~dfsg+0-0ubuntu3) eoan; urgency=medium

  * SECURITY UPDATE: '-dSAFER' restrictions bypass by .forceput
    Exposures
    - debian/patches/CVE-2019-14811-CVE-2019-14812-CVE-2019-14813.patch:
      Be more defensive by preventing access to .forceput from
      .setuserparams2.
    - CVE-2019-14811
    - CVE-2019-14812
    - CVE-2019-14813
    - debian/patches/CVE-2019-14817.patch: mark more uses of .forceput
      as execteonly
    - CVE-2019-14817

Date: Wed, 11 Sep 2019 12:06:48 -0700
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/ghostscript/9.27~dfsg+0-0ubuntu3
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 11 Sep 2019 12:06:48 -0700
Source: ghostscript
Architecture: source
Version: 9.27~dfsg+0-0ubuntu3
Distribution: eoan
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Changes:
 ghostscript (9.27~dfsg+0-0ubuntu3) eoan; urgency=medium
 .
   * SECURITY UPDATE: '-dSAFER' restrictions bypass by .forceput
     Exposures
     - debian/patches/CVE-2019-14811-CVE-2019-14812-CVE-2019-14813.patch:
       Be more defensive by preventing access to .forceput from
       .setuserparams2.
     - CVE-2019-14811
     - CVE-2019-14812
     - CVE-2019-14813
     - debian/patches/CVE-2019-14817.patch: mark more uses of .forceput
       as execteonly
     - CVE-2019-14817
Checksums-Sha1:
 685f80e9066f1025a1189872a4f9c85047679425 2831 ghostscript_9.27~dfsg+0-0ubuntu3.dsc
 2a7ca0487af08f67709ac2945383b0ed2645dbad 123724 ghostscript_9.27~dfsg+0-0ubuntu3.debian.tar.xz
 ab4d7ec605a7194dbd7fe8046b6ecb792845f287 12096 ghostscript_9.27~dfsg+0-0ubuntu3_source.buildinfo
Checksums-Sha256:
 19335cbba21461bf42553d0472902fa05510d535238a000144d028acbf2b6039 2831 ghostscript_9.27~dfsg+0-0ubuntu3.dsc
 90553398d27f88325a7ce3e00e16aff7291f4b71cf88126585f0d851b76f828a 123724 ghostscript_9.27~dfsg+0-0ubuntu3.debian.tar.xz
 6795c05bfb6376b39cdefb6908c9761208a6dcfc9468c781054ad380d6e7b9bb 12096 ghostscript_9.27~dfsg+0-0ubuntu3_source.buildinfo
Files:
 2250ea5f682bdb7b296e876ff879b03b 2831 text optional ghostscript_9.27~dfsg+0-0ubuntu3.dsc
 f3b0239f2828e6a994ac161a23267306 123724 text optional ghostscript_9.27~dfsg+0-0ubuntu3.debian.tar.xz
 c55579b98f9525c6033e11faa0e33a19 12096 text optional ghostscript_9.27~dfsg+0-0ubuntu3_source.buildinfo
Original-Maintainer: Debian Printing Team <debian-printing at lists.debian.org>

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEUMSg3c8x5FLOsZtRZWnYVadEvpMFAl16LQMACgkQZWnYVadE
vpOqqg/8D1H/1/7ND7v2WBMo+1OvfHwhb/OER2l3Os3ZpAV0ldXwJ81PYRFJIics
BgCgk0F9T6s8gskS/ZtTnOYjXcoFbK77cTfQS46yhXkdeFP4dRPPpupM51VFb7Ah
BduwJTOdJJKEw9TSYLVkPIxwCnj4tTqA/kxdo4L5dzIJUmMZlAfYlgKlTBwL94Bw
mmW4FrPOIVzQ602XjMlQH9g5ws0t6STXMylhRAfP2XiHlcv7hn2bh7GpzjwwhacT
0o2ZB/rwjur70cVXldJECf7jQ1IcS//s/aXdxTxakl6ig1xgbMchKCnLDUbIUNDA
+rult7ZZoSWBiNgzmgkbYi9QFhmffaOhxAhYTUEtu7oEWHaJX0EyI3yIBu6rFLwW
L98A0nUWNlB7DEiydWJhWO8gVm82maxNZPhhuqGQehcA1wv3wZsQwoFta4zctfe/
AF8aIsptZBNzVg8joK0rq/xhMz2C8Dt0MGkzu9nduhrNEzWr3wA0Rtt+U2G6WVmm
cNNQPjXjs2/AYzwdJywHfBSaFME9gT8PC5d8XE2FQ+bn2HUnjxCvBuvSN43xoHo4
oxfK4+EC6prZi4xjrHVvdnR1fWp8M0aw6rQj4tmSRSnzRpCiX4yzbUMvtYc7Mi8I
k1Fca9WiXuTUTjZ5tcd9IhXMmRQRGdDrEsh3RG9pYmFg/QQdUwI=
=uTlX
-----END PGP SIGNATURE-----

More information about the Eoan-changes mailing list