New Debian ghostscript 10.0.0~dfsg-11+deb12u8 fixes: This update addresses the following issues: * A vulnerability was found in Artifex GhostPDL up to 3989415a5b8e99b9d1b87cc9902bde9b7cdea145. It has been classified as problematic. This affects the function pdf_ferror of the file devices/vector/gdevpdf.c of the component New Output File Open Error Handler. The manipulation leads to null pointer dereference. It is possible to initiate the attack remotely. The identifier of the patch is 619a106ba4c4abed95110f84d5efcd7aee38c7cb. It is recommended to apply a patch to fix this issue. (CVE-2025-7462) * Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdf_write_cmap in devices/vector/gdevpdtw.c. (CVE-2025-59798) * Artifex Ghostscript through 10.05.1 has a stack-based buffer overflow in pdfmark_coerce_dest in devices/vector/gdevpdfm.c via a large size value. (CVE-2025-59799)
--- mirror/ftp/pool/main/g/ghostscript/ghostscript_10.0.0~dfsg-11+deb12u7.dsc +++ apt/ucs_5.2-0-errata5.2-3/source/ghostscript_10.0.0~dfsg-11+deb12u8.dsc @@ -1,3 +1,11 @@ +10.0.0~dfsg-11+deb12u8 [Sun, 05 Oct 2025 10:11:09 +0200] Salvatore Bonaccorso <carnil@debian.org>: + + * Non-maintainer upload by the Security Team. + * Catch a null file pointer closing pdfwrite (CVE-2025-7462) + (Closes: #1109270) + * pdfwrite - bounds check some strings (CVE-2025-59799) (Closes: #1116443) + * pdfwrite - avoid buffer overrun (CVE-2025-59798) (Closes: #1116444) + 10.0.0~dfsg-11+deb12u7 [Wed, 26 Mar 2025 10:10:35 +0100] Salvatore Bonaccorso <carnil@debian.org>: * Non-maintainer upload by the Security Team. <http://piuparts.knut.univention.de/5.2-3/#2661522119532893772>
OK: bug OK: yaml OK: announce_errata OK: patch OK: piuparts [5.2-3] 73112e3a884 Bug #58709: ghostscript 10.0.0~dfsg-11+deb12u8 doc/errata/staging/ghostscript.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+)
<https://errata.software-univention.de/#/?erratum=5.2x253>