[ubuntu/mantic-proposed] ghostscript 10.0.0~dfsg1-0ubuntu2 (Accepted)
Marc Deslauriers
marc.deslauriers at ubuntu.com
Wed Jul 5 18:36:18 UTC 2023
ghostscript (10.0.0~dfsg1-0ubuntu2) mantic; urgency=medium
* SECURITY UPDATE: incorrect permission validation for pipe devices
- debian/patches/CVE-2023-36664-1.patch: don't reduce pipe file names
for permission validation in base/gpmisc.c, base/gslibctx.c.
- debian/patches/CVE-2023-36664-2.patch: fix logic and add extra test
in base/gpmisc.c, base/gslibctx.c.
- CVE-2023-36664
Date: Wed, 05 Jul 2023 12:45:07 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/ghostscript/10.0.0~dfsg1-0ubuntu2
-------------- next part --------------
Format: 1.8
Date: Wed, 05 Jul 2023 12:45:07 -0400
Source: ghostscript
Built-For-Profiles: noudeb
Architecture: source
Version: 10.0.0~dfsg1-0ubuntu2
Distribution: mantic
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
ghostscript (10.0.0~dfsg1-0ubuntu2) mantic; urgency=medium
.
* SECURITY UPDATE: incorrect permission validation for pipe devices
- debian/patches/CVE-2023-36664-1.patch: don't reduce pipe file names
for permission validation in base/gpmisc.c, base/gslibctx.c.
- debian/patches/CVE-2023-36664-2.patch: fix logic and add extra test
in base/gpmisc.c, base/gslibctx.c.
- CVE-2023-36664
Checksums-Sha1:
064f69d0b584d040cfd20dfff48d9469c67025a0 2942 ghostscript_10.0.0~dfsg1-0ubuntu2.dsc
8a3d171e9a081433fa6a9989f416b712c4ec18fa 91280 ghostscript_10.0.0~dfsg1-0ubuntu2.debian.tar.xz
8337d966c29f1ad1c1d7dcc2b00d7dbc9e27cde7 15655 ghostscript_10.0.0~dfsg1-0ubuntu2_source.buildinfo
Checksums-Sha256:
06ab2d330d6b46177f22e86ec0aebbd361f073c9754486d77f75a610591fe522 2942 ghostscript_10.0.0~dfsg1-0ubuntu2.dsc
efd0628717650b7ea560351f8e185682e172254e114d5db5bb388b4cd941b6c1 91280 ghostscript_10.0.0~dfsg1-0ubuntu2.debian.tar.xz
f268892db812626c4688a9b1a4e33f887693d46924ca2f8d3d6d547c6d5f6a5b 15655 ghostscript_10.0.0~dfsg1-0ubuntu2_source.buildinfo
Files:
08e12771d3ee3d4e7f75a0ad41948fc4 2942 text optional ghostscript_10.0.0~dfsg1-0ubuntu2.dsc
5c2cf468dcc49b798b2d6d064e566358 91280 text optional ghostscript_10.0.0~dfsg1-0ubuntu2.debian.tar.xz
55df90f65bff7e1787bd076f1703c2d8 15655 text optional ghostscript_10.0.0~dfsg1-0ubuntu2_source.buildinfo
Original-Maintainer: Debian QA Group <packages at qa.debian.org>
More information about the mantic-changes
mailing list