-
Thu Aug 22 2019 Martin Osvald <mosvald@redhat.com> - 9.25-2.3
- Resolves: #1744010 - CVE-2019-14811 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdf_hook_DSC_Creator (701445)
- Resolves: #1744014 - CVE-2019-14812 ghostscript: Safer Mode Bypass by .forceput Exposure in setuserparams (701444)
- Resolves: #1744005 - CVE-2019-14813 ghostscript: Safer Mode Bypass by .forceput Exposure in setsystemparams (701443)
- Resolves: #1744230 - CVE-2019-14817 ghostscript: Safer Mode Bypass by .forceput Exposure in .pdfexectoken and other procedures (701450)
-
Mon Aug 05 2019 Martin Osvald <mosvald@redhat.com> - 9.25-2.2
- Resolves: #1737336 - CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 (701394)
-
Thu Mar 28 2019 Martin Osvald <mosvald@redhat.com> - 9.25-2.1
- Resolves: #1692798 - CVE-2019-3839 ghostscript: missing attack vector protections for CVE-2019-6116
- Resolves: #1678170 - CVE-2019-3835 ghostscript: superexec operator is available (700585)
- Resolves: #1691414 - CVE-2019-3838 ghostscript: forceput in DefineResource is still accessible (700576)
- fix included for ghostscript: Regression: double comment chars '%' in gs_init.ps leading to missing metadata
- fix for pdf2dsc regression added to allow fix for CVE-2019-3839
-
Wed Jan 23 2019 Martin Osvald <mosvald@redhat.com> - 9.25-2
- Resolves: #1652937 - CVE-2018-19409 ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c
- Resolves: #1642586 - CVE-2018-18073 ghostscript: saved execution stacks can leak operator arrays
- Resolves: #1642580 - CVE-2018-17961 ghostscript: saved execution stacks can leak operator arrays (incomplete fix for CVE-2018-17183)
- Resolves: #1642941 - CVE-2018-18284 ghostscript: 1Policy operator allows a sandbox protection bypass
- Resolves: #1656336 - CVE-2018-19134 ghostscript: Type confusion in setpattern (700141)
- Resolves: #1660571 - CVE-2018-19475 ghostscript: access bypass in psi/zdevice2.c (700153)
- Resolves: #1660830 - CVE-2018-19476 ghostscript: access bypass in psi/zicc.c
- Resolves: #1661280 - CVE-2018-19477 ghostscript: access bypass in psi/zfjbig2.c (700168)
- Resolves: #1668891 - CVE-2019-6116 ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317)
-
Mon Sep 24 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.25-1
- rebase to latest upstream version to fix issues discovered in previous CVE fixes (bug #1631701 and #1626997)
-
Fri Sep 07 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.24-1
- rebase to latest upstream version, which contains important CVE fixes
- additional ZER0-DAY fixes added
-
Wed Aug 29 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.23-5
- ghostscript-9.23-002-fixes-for-set-of-CVEs-reported-by-Google.patch added
-
Tue May 15 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.23-4
- One more rebuild for libidn ABI fix (BZ#'s 1573961 and 1566414)
-
Mon May 14 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.23-3
- %conflicts_vers bumped to fix F27->F28 upgrade
-
Mon Apr 23 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.23-2
- Fix for CVE-2018-10194 added (bug #1569821)