[ubuntu/noble-security] ghostscript 10.02.1~dfsg1-0ubuntu7.5 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Mar 27 11:50:19 UTC 2025


ghostscript (10.02.1~dfsg1-0ubuntu7.5) noble-security; urgency=medium

  * SECURITY UPDATE: Buffer overflow via serialization of DollarBlend
    - debian/patches/CVE-2025-27830.patch: fix potential buffer overflow
      in base/write_t1.c, psi/zfapi.c.
    - CVE-2025-27830
  * SECURITY UPDATE: Text buffer overflow with long characters
    - debian/patches/CVE-2025-27831.patch: prevent Unicode decoding overrun
      in devices/vector/doc_common.c.
    - CVE-2025-27831
  * SECURITY UPDATE: Compression buffer overflow
    - debian/patches/CVE-2025-27832.patch: avoid integer overflow leading
      to buffer overflow in contrib/japanese/gdevnpdl.c.
    - CVE-2025-27832
  * SECURITY UPDATE: Buffer overflow with long TTF font name
    - debian/patches/CVE-2025-27833.patch: check TTF name size before
      copying to buffer in pdf/pdf_fmap.c.
    - CVE-2025-27833
  * SECURITY UPDATE: Buffer overflow caused by an oversized Type 4 function
    - debian/patches/CVE-2025-27834.patch: guard against unsigned int
      overflow in pdf/pdf_func.c.
    - CVE-2025-27834
  * SECURITY UPDATE: Buffer overflow when converting glyphs to unicode
    - debian/patches/CVE-2025-27835.patch: fix confusion between bytes and
      shorts in psi/zbfont.c.
    - CVE-2025-27835
  * SECURITY UPDATE: Print buffer overflow
    - debian/patches/CVE-2025-27836-1.patch: fix potential print buffer
      overflow in contrib/japanese/gdev10v.c.
    - debian/patches/CVE-2025-27836-2.patch: fix compiler warnings in
      contrib/japanese/gdev10v.c.
    - CVE-2025-27836

Date: 2025-03-25 19:39:12.478313+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/ghostscript/10.02.1~dfsg1-0ubuntu7.5