[ubuntu/resolute-proposed] ghostscript 10.06.0~dfsg-3ubuntu1 (Accepted)

Simon Poirier simon.poirier at canonical.com
Tue Feb 17 13:49:21 UTC 2026


ghostscript (10.06.0~dfsg-3ubuntu1) resolute; urgency=medium

  * Merge with Debian unstable (LP: #2130127). Remaining changes:
    - New re-packaging of Ghostscript 10.06.0, keeping the leptonica and
      tesseract convenience copies in as they are not in Ubuntu Main. Added
      appropriate remark to debian/copyright.
    - Also keep the lcms2mt convenience copy as it is heavily patched by
      Ghostscript's upstream developers, especially for multi-threading
      (mt) support.
    - Do not compile with Neon FPU support on 32-bit ARM (see also Debian bug
      #1012254). Otherwise we get FTBFS on armhf.
  * Dropped delta merged upstream:
    - Removed use of sphinxcontrib.googleanalytics Sphinx extension, the
      extension is not available in Ubuntu.
    - SECURITY UPDATE: Information Leak
      debian/patches/CVE-2025-48708.patch: Argument sanitization handle '#' as per '='
      CVE-2025-48708
    - SECURITY UPDATE: null pointer deref on file write failure
      debian/patches/CVE-2025-7462.patch: catch a null file pointer closing
      pdfwrite in devices/vector/gdevpdf.c.
      CVE-2025-7462
    - SECURITY UPDATE: stack overflow in pdf_write_cmap
      debian/patches/CVE-2025-59798.patch: use dynamically allocated buffer
      and check return codes in devices/vector/gdevpdtw.c.
      CVE-2025-59798
    - SECURITY UPDATE: stack overflow in pdfmark_coerce_dest
      debian/patches/CVE-2025-59799.patch: bounds check some strings in
      devices/vector/gdevpdfm.c.
      CVE-2025-59799
    - SECURITY UPDATE: heap overflow in ocr_begin_page
      debian/patches/CVE-2025-59800.patch: fix int overflow in
      devices/gdevpdfocr.c.
      CVE-2025-59800
    - Build with -std=gnu17 to avoid FTBFS with GCC 15 (LP #2124948)
  * Build with fpic to avoid FTBFS

Date: Tue, 27 Jan 2026 22:07:12 -0500
Changed-By: Simon Poirier <simon.poirier at canonical.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Paride Legovini <paride at ubuntu.com>
https://launchpad.net/ubuntu/+source/ghostscript/10.06.0~dfsg-3ubuntu1
-------------- next part --------------
Format: 1.8
Date: Tue, 27 Jan 2026 22:07:12 -0500
Source: ghostscript
Built-For-Profiles: noudeb
Architecture: source
Version: 10.06.0~dfsg-3ubuntu1
Distribution: resolute
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Simon Poirier <simon.poirier at canonical.com>
Launchpad-Bugs-Fixed: 2130127
Changes:
 ghostscript (10.06.0~dfsg-3ubuntu1) resolute; urgency=medium
 .
   * Merge with Debian unstable (LP: #2130127). Remaining changes:
     - New re-packaging of Ghostscript 10.06.0, keeping the leptonica and
       tesseract convenience copies in as they are not in Ubuntu Main. Added
       appropriate remark to debian/copyright.
     - Also keep the lcms2mt convenience copy as it is heavily patched by
       Ghostscript's upstream developers, especially for multi-threading
       (mt) support.
     - Do not compile with Neon FPU support on 32-bit ARM (see also Debian bug
       #1012254). Otherwise we get FTBFS on armhf.
   * Dropped delta merged upstream:
     - Removed use of sphinxcontrib.googleanalytics Sphinx extension, the
       extension is not available in Ubuntu.
     - SECURITY UPDATE: Information Leak
       debian/patches/CVE-2025-48708.patch: Argument sanitization handle '#' as per '='
       CVE-2025-48708
     - SECURITY UPDATE: null pointer deref on file write failure
       debian/patches/CVE-2025-7462.patch: catch a null file pointer closing
       pdfwrite in devices/vector/gdevpdf.c.
       CVE-2025-7462
     - SECURITY UPDATE: stack overflow in pdf_write_cmap
       debian/patches/CVE-2025-59798.patch: use dynamically allocated buffer
       and check return codes in devices/vector/gdevpdtw.c.
       CVE-2025-59798
     - SECURITY UPDATE: stack overflow in pdfmark_coerce_dest
       debian/patches/CVE-2025-59799.patch: bounds check some strings in
       devices/vector/gdevpdfm.c.
       CVE-2025-59799
     - SECURITY UPDATE: heap overflow in ocr_begin_page
       debian/patches/CVE-2025-59800.patch: fix int overflow in
       devices/gdevpdfocr.c.
       CVE-2025-59800
     - Build with -std=gnu17 to avoid FTBFS with GCC 15 (LP #2124948)
   * Build with fpic to avoid FTBFS
Original-Maintainer: Debian Printing Team <debian-printing at lists.debian.org>
Vcs-Git: https://git.launchpad.net/~paride/ubuntu/+source/ghostscript
Vcs-Git-Commit: 5e4b9007421668407fa7cf4aec7cb46a6b62dd7c
Vcs-Git-Ref: refs/heads/merge/lp2130127

