[ol8_codeready_builder] ghostscript-tools-printing-9.25-2.el8_0.2.x86_64

This package provides utilities for formatting and printing text files using
either Ghostscript, or BubbleJet, DeskJet, DeskJet 500, and LaserJet printers.

It also provides the utility 'pphs', which is useful for printing of Primary
Hint Stream of a linearized PDF file.

Changelog (Show File list) (Show related packages)

• Mon Aug 05 2019 Martin Osvald <mosvald@redhat.com> - 9.25-2.2

  - Resolves: #1737336 - CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 (701394)

• Thu Mar 28 2019 Martin Osvald <mosvald@redhat.com> - 9.25-2.1

  - Resolves: #1692798 - CVE-2019-3839 ghostscript: missing attack vector
    protections for CVE-2019-6116
  - Resolves: #1678170 - CVE-2019-3835 ghostscript: superexec operator
    is available (700585)
  - Resolves: #1691414 - CVE-2019-3838 ghostscript: forceput in DefineResource
    is still accessible (700576)
  - fix included for ghostscript: Regression: double comment chars
    '%' in gs_init.ps leading to missing metadata
  - fix for pdf2dsc regression added to allow fix for CVE-2019-3839

• Wed Jan 23 2019 Martin Osvald <mosvald@redhat.com> - 9.25-2

  - Resolves: #1652937 - CVE-2018-19409 ghostscript: Improperly implemented
    security check in zsetdevice function in psi/zdevice.c
  - Resolves: #1642586 - CVE-2018-18073 ghostscript: saved execution stacks
    can leak operator arrays
  - Resolves: #1642580 - CVE-2018-17961 ghostscript: saved execution stacks
    can leak operator arrays (incomplete fix for CVE-2018-17183)
  - Resolves: #1642941 - CVE-2018-18284 ghostscript: 1Policy operator
    allows a sandbox protection bypass
  - Resolves: #1656336 - CVE-2018-19134 ghostscript: Type confusion in
    setpattern (700141)
  - Resolves: #1660571 - CVE-2018-19475 ghostscript: access bypass in
    psi/zdevice2.c (700153)
  - Resolves: #1660830 - CVE-2018-19476 ghostscript: access bypass in
    psi/zicc.c
  - Resolves: #1661280 - CVE-2018-19477 ghostscript: access bypass in
    psi/zfjbig2.c (700168)
  - Resolves: #1668891 - CVE-2019-6116 ghostscript: subroutines within
    pseudo-operators must themselves be pseudo-operators (700317)

• Mon Sep 24 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.25-1

  - rebase to latest upstream version to fix issues discovered in previous CVE fixes (bug #1631701 and #1626997)

• Fri Sep 07 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.24-1

  - rebase to latest upstream version, which contains important CVE fixes
  - additional ZER0-DAY fixes added

• Wed Aug 29 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.23-5

  - ghostscript-9.23-002-fixes-for-set-of-CVEs-reported-by-Google.patch added

• Tue May 15 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.23-4

  - One more rebuild for libidn ABI fix (BZ#'s 1573961 and 1566414)

• Mon May 14 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.23-3

  - %conflicts_vers bumped to fix F27->F28 upgrade

• Mon Apr 23 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.23-2

  - Fix for CVE-2018-10194 added (bug #1569821)

• Wed Mar 21 2018 David Kaspar [Dee'Kej] <dkaspar@redhat.com> - 9.23-1

  - Rebase to latest upstream version