-
Wed Sep 04 2024 Sourav Sharma <sourav.ss.sharma@oracle.com> - 9.25-5.0.1
- Fixes CVE-2024-33871 OPVP device arbitrary code execution via custom Driver library
-
Tue Mar 31 2020 Zdenek Dohnal <zdohnal@redhat.com> - 9.25-5
- 1812284 - ghostscript fontconfig support broken when gs used with -dSAFER/-dPARANOIDSAFER
-
Fri Nov 08 2019 Zdenek Dohnal <zdohnal@redhat.com> - 9.25-4
- 1769341 - CVE-2019-14869 ghostscript: -dSAFER escape in .charkeys
-
Mon Aug 05 2019 Martin Osvald <mosvald@redhat.com> - 9.25-3
- Resolves: #1737339 - CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 (701394)
- Resolves: #1744009 - CVE-2019-14811 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdf_hook_DSC_Creator (701445)
- Resolves: #1744013 - CVE-2019-14812 ghostscript: Safer Mode Bypass by .forceput Exposure in setuserparams (701444)
- Resolves: #1744004 - CVE-2019-14813 ghostscript: Safer Mode Bypass by .forceput Exposure in setsystemparams (701443)
- Resolves: #1744229 - CVE-2019-14817 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdfexectoken and other procedures (701450)
-
Tue Apr 02 2019 Martin Osvald <mosvald@redhat.com> - 9.25-2
- obsoleted old ghostscript-devel to allow clean upgrade to libgs-devel
-
Thu Feb 14 2019 Martin Osvald <mosvald@redhat.com> - 9.25-1
- Rebase to latest upstream version (bug #1636115)
- Resolves: #1673399 - CVE-2019-3839 ghostscript: missing attack vector
protections for CVE-2019-6116
- Resolves: #1678172 - CVE-2019-3835 ghostscript: superexec operator
is available (700585)
- Resolves: #1680026 - CVE-2019-3838 ghostscript: forceput in DefineResource
is still accessible (700576)
- Resolves: #1670443 - ghostscript: Regression: double comment chars
'%' in gs_init.ps leading to missing metadata
- fix for pdf2dsc regression added to allow fix for CVE-2019-3839
-
Wed Jan 16 2019 Martin Osvald <mosvald@redhat.com> - 9.07-32
- Remove as many non-standard operators as possible to make the codebase
closer to upstream for later CVEs
- Resolves: #1621385 - CVE-2018-16511 ghostscript: missing type check in type
checker (699659)
- Resolves: #1649722 - CVE-2018-16539 ghostscript: incorrect access checking
in temp file handling to disclose contents of files (699658)
- Resolves: #1621162 - CVE-2018-15908 ghostscript: .tempfile file permission
issues (699657)
- Resolves: #1621384 - CVE-2018-15909 ghostscript: shading_param incomplete
type checking (699660)
- Resolves: #1652902 - CVE-2018-16863 ghostscript: incomplete fix for
CVE-2018-16509
- Resolves: #1654045 ghostscript update breaks xdvi (gs: Error: /undefined in flushpage)
- Resolves: #1651150 - CVE-2018-15911 ghostscript: uninitialized memory
access in the aesdecode operator (699665)
- Resolves: #1650061 - CVE-2018-16802 ghostscript: Incorrect "restoration of
privilege" checking when running out of stack during exception handling
- Resolves: #1652936 - CVE-2018-19409 ghostscript: Improperly implemented
security check in zsetdevice function in psi/zdevice.c
- Resolves: #1654622 - CVE-2018-16541 ghostscript: incorrect free logic in
pagedevice replacement (699664)
- Resolves: #1650211 - CVE-2018-17183 ghostscript: User-writable error
exception table
- Resolves: #1645517 - CVE-2018-18073 ghostscript: saved execution stacks
can leak operator arrays
- Resolves: #1648892 - CVE-2018-17961 ghostscript: saved execution stacks
can leak operator arrays (incomplete fix for CVE-2018-17183)
- Resolves: #1643117 - CVE-2018-18284 ghostscript: 1Policy operator
allows a sandbox protection bypass
- Resolves: #1655939 - CVE-2018-19134 ghostscript: Type confusion in
setpattern (700141)
- Resolves: #1657694 - ghostscript: Regression: Warning: Dropping incorrect
smooth shading object (Error: /rangecheck in --run--)
- Resolves: #1661210 pdf2ps reports an error when reading from stdin
- Resolves: #1657334 - CVE-2018-16540 ghostscript: use-after-free in
copydevice handling (699661)
- Resolves: #1660570 - CVE-2018-19475 ghostscript: access bypass in
psi/zdevice2.c (700153)
- Resolves: #1660829 - CVE-2018-19476 ghostscript: access bypass in
psi/zicc.c
- Resolves: #1661279 - CVE-2018-19477 ghostscript: access bypass in
psi/zfjbig2.c (700168)
- Resolves: #1667443 - CVE-2019-6116 ghostscript: subroutines within
pseudo-operators must themselves be pseudo-operators
- Resolves: #1670443 - ghostscript: Regression: double comment chars
'%' in gs_init.ps leading to missing metadata
-
Mon Sep 10 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.07-31
- Added security fixes for:
- CVE-2018-16509 (bug #1621158)
- CVE-2018-15910 (bug #1621160)
- CVE-2018-16542 (bug #1621382)
-
Tue Apr 17 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.07-30
- Fix MediaPosition, ManualFeed and MediaType with pxl devices (bug #1551782)
-
Tue Jul 25 2017 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.07-29
- Fix rare Segmentation fault when converting PDF to PNG (bug #1473337)
- Raise the default VMThreshold from 1Mb to 8Mb (bug #1479852)