-
Mon Jul 25 2022 Richard Lescak <rlescak@redhat.com> - 9.27-4
- changed requirement to jbig2dec-libs
- Resolves: rhbz#2097515, rhbz#2097448
-
Wed Jul 20 2022 Richard Lescak <rlescak@redhat.com> - 9.27-3
- fixed drifting text to the right when printing
- added Requirement for jbig2dec
- added patch for CVE-2020-16301
- Resolves: rhbz#2097515, rhbz#2097448
-
Fri Jan 22 2021 Anna Khaitovich <akhaitov@redhat.com> - 9.27-2
- tools-dvipdf: require /usr/bin/dvips not /usr/bin/dvips
- Resolves: rhbz#1918937
-
Tue Sep 01 2020 Anna Khaitovich <akhaitov@redhat.com> - 9.27-1
- Rebase to 9.27
- Resolves: rhbz#1874523
-
Tue Apr 07 2020 Zdenek Dohnal <zdohnal@redhat.com> - 9.25-7
- 1813228 - ghostscript fontconfig support broken when gs used with -dSAFER/-dPARANOIDSAFER
-
Thu Nov 07 2019 Zdenek Dohnal <zdohnal@redhat.com> - 9.25-6
- 1769343 - CVE-2019-14869 - -dSAFER escape in .charkeys
-
Thu Aug 22 2019 Martin Osvald <mosvald@redhat.com> - 9.25-5
- Resolves: #1744011 - CVE-2019-14811 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdf_hook_DSC_Creator (701445)
- Resolves: #1744015 - CVE-2019-14812 ghostscript: Safer Mode Bypass by .forceput Exposure in setuserparams (701444)
- Resolves: #1744006 - CVE-2019-14813 ghostscript: Safer Mode Bypass by .forceput Exposure in setsystemparams (701443)
- Resolves: #1744231 - CVE-2019-14817 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdfexectoken and other procedures (701450)
-
Mon Aug 05 2019 Martin Osvald <mosvald@redhat.com> - 9.25-4
- Resolves: #1737337 - CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 (701394)
-
Thu Mar 28 2019 Martin Osvald <mosvald@redhat.com> - 9.25-3
- Resolves: #1692798 - CVE-2019-3839 ghostscript: missing attack vector
protections for CVE-2019-6116
- Resolves: #1678170 - CVE-2019-3835 ghostscript: superexec operator
is available (700585)
- Resolves: #1691414 - CVE-2019-3838 ghostscript: forceput in DefineResource
is still accessible (700576)
- fix included for ghostscript: Regression: double comment chars
'%' in gs_init.ps leading to missing metadata
- fix for pdf2dsc regression added to allow fix for CVE-2019-3839
-
Wed Jan 23 2019 Martin Osvald <mosvald@redhat.com> - 9.25-2
- Resolves: #1652937 - CVE-2018-19409 ghostscript: Improperly implemented
security check in zsetdevice function in psi/zdevice.c
- Resolves: #1642586 - CVE-2018-18073 ghostscript: saved execution stacks
can leak operator arrays
- Resolves: #1642580 - CVE-2018-17961 ghostscript: saved execution stacks
can leak operator arrays (incomplete fix for CVE-2018-17183)
- Resolves: #1642941 - CVE-2018-18284 ghostscript: 1Policy operator
allows a sandbox protection bypass
- Resolves: #1656336 - CVE-2018-19134 ghostscript: Type confusion in
setpattern (700141)
- Resolves: #1660571 - CVE-2018-19475 ghostscript: access bypass in
psi/zdevice2.c (700153)
- Resolves: #1660830 - CVE-2018-19476 ghostscript: access bypass in
psi/zicc.c
- Resolves: #1661280 - CVE-2018-19477 ghostscript: access bypass in
psi/zfjbig2.c (700168)
- Resolves: #1668891 - CVE-2019-6116 ghostscript: subroutines within
pseudo-operators must themselves be pseudo-operators (700317)