-
Tue Jan 29 2019 Martin Osvald <mosvald@redhat.com> - 9.07-31.el7_6.10
- Resolves: #1673915 - ghostscript: Regression: double comment chars
  '%' in gs_init.ps leading to missing metadata
- Resolves: #1678171 - CVE-2019-3835 ghostscript: superexec operator
  is available (700585)
- Resolves: #1680025 - CVE-2019-3838 ghostscript: forceput in DefineResource
  is still accessible (700576)
-
Thu Jan 24 2019 Martin Osvald <mosvald@redhat.com> - 9.07-31.el7_6.9
- Related: #1667442 - CVE-2019-6116 - added missing parts of patch
-
Fri Jan 18 2019 Martin Osvald <mosvald@redhat.com> - 9.07-31.el7_6.8
- Resolves: #1667442 - CVE-2019-6116 ghostscript: subroutines within
  pseudo-operators must themselves be pseudo-operators
-
Thu Dec 20 2018 Martin Osvald <mosvald@redhat.com> - 9.07-31.el7_6.7
- Resolves: #1665919 pdf2ps reports an error when reading from stdin
- Resolves: #1657333 - CVE-2018-16540 ghostscript: use-after-free in
  copydevice handling (699661)
- Resolves: #1660569 - CVE-2018-19475 ghostscript: access bypass in
  psi/zdevice2.c (700153)
- Resolves: #1660828 - CVE-2018-19476 ghostscript: access bypass in
  psi/zicc.c
- Resolves: #1661278 - CVE-2018-19477 ghostscript: access bypass in
  psi/zfjbig2.c (700168)
-
Mon Dec 10 2018 Martin Osvald <mosvald@redhat.com> - 9.07-31.el7_6.6
- Resolves: #1657822 - ghostscript: Regression: Warning: Dropping incorrect
  smooth shading object (Error: /rangecheck in --run--)
-
Wed Dec 05 2018 Martin Osvald <mosvald@redhat.com> - 9.07-31.el7_6.5
- Resolves: #1654621 - CVE-2018-16541 ghostscript: incorrect free logic in
  pagedevice replacement (699664)
- Resolves: #1650210 - CVE-2018-17183 ghostscript: User-writable error
  exception table
- Resolves: #1645516 - CVE-2018-18073 ghostscript: saved execution stacks
  can leak operator arrays
- Resolves: #1648891 - CVE-2018-17961 ghostscript: saved execution stacks
  can leak operator arrays (incomplete fix for CVE-2018-17183)
- Resolves: #1643115 - CVE-2018-18284 ghostscript: 1Policy operator
  allows a sandbox protection bypass
- Resolves: #1655937 - CVE-2018-19134 ghostscript: Type confusion in
  setpattern (700141)
-
Thu Nov 29 2018 Martin Osvald <mosvald@redhat.com> - 9.07-31.el7_6.4
- Resolves: #1651149 - CVE-2018-15911 ghostscript: uninitialized memory
  access in the aesdecode operator (699665)
- Resolves: #1650060 - CVE-2018-16802 ghostscript: Incorrect "restoration of
  privilege" checking when running out of stack during exception handling
- Resolves: #1652935 - CVE-2018-19409 ghostscript: Improperly implemented
  security check in zsetdevice function in psi/zdevice.c
-
Wed Nov 28 2018 Martin Osvald <mosvald@redhat.com> - 9.07-31.el7_6.3
- Resolves: #1654290 ghostscript update breaks xdvi (gs: Error: /undefined in flushpage)
-
Mon Nov 26 2018 Martin Osvald <mosvald@redhat.com> - 9.07-31.el7_6.2
- Resolves: #1652901 - CVE-2018-16863 ghostscript: incomplete fix for
  CVE-2018-16509
-
Wed Nov 14 2018 Martin Osvald <mosvald@redhat.com> - 9.07-31.el7_6.1
- Remove as many non-standard operators as possible to make the codebase
  closer to upstream for later CVEs
- Resolves: #1621383 - CVE-2018-16511 ghostscript: missing type check in type
  checker (699659)
- Resolves: #1649721 - CVE-2018-16539 ghostscript: incorrect access checking
  in temp file handling to disclose contents of files (699658)
- Resolves: #1621159 - CVE-2018-15908 ghostscript: .tempfile file permission
  issues (699657)
- Resolves: #1621381 - CVE-2018-15909 ghostscript: shading_param incomplete
  type checking (699660)