[ol8_appstream] ghostscript-x11-9.27-4.el8.x86_64

This package provides X11-based driver for Ghostscript, which enables displaying
of various document files (including PS and PDF).

Changelog (Show File list) (Show related packages)

• Mon Jul 25 2022 Richard Lescak <rlescak@redhat.com> - 9.27-4

  - changed requirement to jbig2dec-libs
  - Resolves: rhbz#2097515, rhbz#2097448

• Wed Jul 20 2022 Richard Lescak <rlescak@redhat.com> - 9.27-3

  - fixed drifting text to the right when printing
  - added Requirement for jbig2dec
  - added patch for CVE-2020-16301
  - Resolves: rhbz#2097515, rhbz#2097448

• Fri Jan 22 2021 Anna Khaitovich <akhaitov@redhat.com> - 9.27-2

  - tools-dvipdf: require /usr/bin/dvips not /usr/bin/dvips
  - Resolves: rhbz#1918937

• Tue Sep 01 2020 Anna Khaitovich <akhaitov@redhat.com> - 9.27-1

  - Rebase to 9.27
  - Resolves: rhbz#1874523

• Tue Apr 07 2020 Zdenek Dohnal <zdohnal@redhat.com> - 9.25-7

  - 1813228 - ghostscript fontconfig support broken when gs used with -dSAFER/-dPARANOIDSAFER

• Thu Nov 07 2019 Zdenek Dohnal <zdohnal@redhat.com> - 9.25-6

  - 1769343 - CVE-2019-14869 - -dSAFER escape in .charkeys

• Thu Aug 22 2019 Martin Osvald <mosvald@redhat.com> - 9.25-5

  - Resolves: #1744011 - CVE-2019-14811 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdf_hook_DSC_Creator (701445)
  - Resolves: #1744015 - CVE-2019-14812 ghostscript: Safer Mode Bypass by .forceput Exposure in setuserparams (701444)
  - Resolves: #1744006 - CVE-2019-14813 ghostscript: Safer Mode Bypass by .forceput Exposure in setsystemparams (701443)
  - Resolves: #1744231 - CVE-2019-14817 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdfexectoken and other procedures (701450)

• Mon Aug 05 2019 Martin Osvald <mosvald@redhat.com> - 9.25-4

  - Resolves: #1737337 - CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 (701394)

• Thu Mar 28 2019 Martin Osvald <mosvald@redhat.com> - 9.25-3

  - Resolves: #1692798 - CVE-2019-3839 ghostscript: missing attack vector
    protections for CVE-2019-6116
  - Resolves: #1678170 - CVE-2019-3835 ghostscript: superexec operator
    is available (700585)
  - Resolves: #1691414 - CVE-2019-3838 ghostscript: forceput in DefineResource
    is still accessible (700576)
  - fix included for ghostscript: Regression: double comment chars
    '%' in gs_init.ps leading to missing metadata
  - fix for pdf2dsc regression added to allow fix for CVE-2019-3839

• Wed Jan 23 2019 Martin Osvald <mosvald@redhat.com> - 9.25-2

  - Resolves: #1652937 - CVE-2018-19409 ghostscript: Improperly implemented
    security check in zsetdevice function in psi/zdevice.c
  - Resolves: #1642586 - CVE-2018-18073 ghostscript: saved execution stacks
    can leak operator arrays
  - Resolves: #1642580 - CVE-2018-17961 ghostscript: saved execution stacks
    can leak operator arrays (incomplete fix for CVE-2018-17183)
  - Resolves: #1642941 - CVE-2018-18284 ghostscript: 1Policy operator
    allows a sandbox protection bypass
  - Resolves: #1656336 - CVE-2018-19134 ghostscript: Type confusion in
    setpattern (700141)
  - Resolves: #1660571 - CVE-2018-19475 ghostscript: access bypass in
    psi/zdevice2.c (700153)
  - Resolves: #1660830 - CVE-2018-19476 ghostscript: access bypass in
    psi/zicc.c
  - Resolves: #1661280 - CVE-2018-19477 ghostscript: access bypass in
    psi/zfjbig2.c (700168)
  - Resolves: #1668891 - CVE-2019-6116 ghostscript: subroutines within
    pseudo-operators must themselves be pseudo-operators (700317)