[ubuntu/questing-proposed] ghostscript 10.05.0dfsg1-0ubuntu4 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Thu Sep 25 18:15:43 UTC 2025 

ghostscript (10.05.0dfsg1-0ubuntu4) questing; urgency=medium

  * SECURITY UPDATE: null pointer deref on file write failure
    - debian/patches/CVE-2025-7462.patch: catch a null file pointer closing
      pdfwrite in devices/vector/gdevpdf.c.
    - CVE-2025-7462
  * SECURITY UPDATE: stack overflow in pdf_write_cmap
    - debian/patches/CVE-2025-59798.patch: use dynamically allocated buffer
      and check return codes in devices/vector/gdevpdtw.c.
    - CVE-2025-59798
  * SECURITY UPDATE: stack overflow in pdfmark_coerce_dest
    - debian/patches/CVE-2025-59799.patch: bounds check some strings in
      devices/vector/gdevpdfm.c.
    - CVE-2025-59799
  * SECURITY UPDATE: heap overflow in ocr_begin_page
    - debian/patches/CVE-2025-59800.patch: fix int overflow in
      devices/gdevpdfocr.c.
    - CVE-2025-59800

Date: Thu, 25 Sep 2025 12:14:26 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/+source/ghostscript/10.05.0dfsg1-0ubuntu4
-------------- next part --------------
Format: 1.8
Date: Thu, 25 Sep 2025 12:14:26 -0400
Source: ghostscript
Built-For-Profiles: noudeb
Architecture: source
Version: 10.05.0dfsg1-0ubuntu4
Distribution: questing
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Changes:
 ghostscript (10.05.0dfsg1-0ubuntu4) questing; urgency=medium
 .
   * SECURITY UPDATE: null pointer deref on file write failure
     - debian/patches/CVE-2025-7462.patch: catch a null file pointer closing
       pdfwrite in devices/vector/gdevpdf.c.
     - CVE-2025-7462
   * SECURITY UPDATE: stack overflow in pdf_write_cmap
     - debian/patches/CVE-2025-59798.patch: use dynamically allocated buffer
       and check return codes in devices/vector/gdevpdtw.c.
     - CVE-2025-59798
   * SECURITY UPDATE: stack overflow in pdfmark_coerce_dest
     - debian/patches/CVE-2025-59799.patch: bounds check some strings in
       devices/vector/gdevpdfm.c.
     - CVE-2025-59799
   * SECURITY UPDATE: heap overflow in ocr_begin_page
     - debian/patches/CVE-2025-59800.patch: fix int overflow in
       devices/gdevpdfocr.c.
     - CVE-2025-59800
Checksums-Sha1:
 3fa856d209b9b67b3aeb23cd6c2652f9d210a3dc 2954 ghostscript_10.05.0dfsg1-0ubuntu4.dsc
 f4949181ebe877a8842285b654f2ec3af8ff0618 91168 ghostscript_10.05.0dfsg1-0ubuntu4.debian.tar.xz
 df937717c646d83327beaaf65d8278e691abe3c3 16808 ghostscript_10.05.0dfsg1-0ubuntu4_source.buildinfo
Checksums-Sha256:
 0d4e13a8c3cbbab16023c60494545335a88b8dbac8700538ca873a0fdea813df 2954 ghostscript_10.05.0dfsg1-0ubuntu4.dsc
 0ad280ad6cc4b7cd07045f61a505a48852b27a72c93041d4a75af99c077109b1 91168 ghostscript_10.05.0dfsg1-0ubuntu4.debian.tar.xz
 427b95cc7865a514f634083d1b3c0ebc4a97445f0c51536a97bf9010b7c64a02 16808 ghostscript_10.05.0dfsg1-0ubuntu4_source.buildinfo
Files:
 94f70f9edc432b19decae78a29c80da1 2954 text optional ghostscript_10.05.0dfsg1-0ubuntu4.dsc
 ab0a11944f4b43cec45a0b8bba641850 91168 text optional ghostscript_10.05.0dfsg1-0ubuntu4.debian.tar.xz
 8d3b1aba91553d019557f9ecf6f8eb4a 16808 text optional ghostscript_10.05.0dfsg1-0ubuntu4_source.buildinfo
Original-Maintainer: Debian Printing Team <debian-printing at lists.debian.org>

More information about the Questing-changes mailing list