Name: | ghostscript-tools-printing |
---|---|
Version: | 9.25 |
Release: | 2.el8_0.2 |
Architecture: | x86_64 |
Group: | Unspecified |
Size: | 3492 |
License: | AGPLv3+ |
RPM: | ghostscript-tools-printing-9.25-2.el8_0.2.x86_64.rpm |
Source RPM: | ghostscript-9.25-2.el8_0.2.src.rpm |
Build Date: | Tue Aug 13 2019 |
Build Host: | jenkins-10-147-72-125-4a4e4fa3-0d58-4dbe-a557-9c572571bce0.appad1iad.osdevelopmeniad.oraclevcn.com |
Vendor: | Oracle America |
URL: | https://ghostscript.com/ |
Summary: | Ghostscript's printing utilities |
Description: | This package provides utilities for formatting and printing text files using either Ghostscript, or BubbleJet, DeskJet, DeskJet 500, and LaserJet printers. It also provides the utility 'pphs', which is useful for printing of Primary Hint Stream of a linearized PDF file. |
- Resolves: #1737336 - CVE-2019-10216 ghostscript: -dSAFER escape via .buildfont1 (701394)
- Resolves: #1692798 - CVE-2019-3839 ghostscript: missing attack vector protections for CVE-2019-6116 - Resolves: #1678170 - CVE-2019-3835 ghostscript: superexec operator is available (700585) - Resolves: #1691414 - CVE-2019-3838 ghostscript: forceput in DefineResource is still accessible (700576) - fix included for ghostscript: Regression: double comment chars '%' in gs_init.ps leading to missing metadata - fix for pdf2dsc regression added to allow fix for CVE-2019-3839
- Resolves: #1652937 - CVE-2018-19409 ghostscript: Improperly implemented security check in zsetdevice function in psi/zdevice.c - Resolves: #1642586 - CVE-2018-18073 ghostscript: saved execution stacks can leak operator arrays - Resolves: #1642580 - CVE-2018-17961 ghostscript: saved execution stacks can leak operator arrays (incomplete fix for CVE-2018-17183) - Resolves: #1642941 - CVE-2018-18284 ghostscript: 1Policy operator allows a sandbox protection bypass - Resolves: #1656336 - CVE-2018-19134 ghostscript: Type confusion in setpattern (700141) - Resolves: #1660571 - CVE-2018-19475 ghostscript: access bypass in psi/zdevice2.c (700153) - Resolves: #1660830 - CVE-2018-19476 ghostscript: access bypass in psi/zicc.c - Resolves: #1661280 - CVE-2018-19477 ghostscript: access bypass in psi/zfjbig2.c (700168) - Resolves: #1668891 - CVE-2019-6116 ghostscript: subroutines within pseudo-operators must themselves be pseudo-operators (700317)
- rebase to latest upstream version to fix issues discovered in previous CVE fixes (bug #1631701 and #1626997)
- rebase to latest upstream version, which contains important CVE fixes - additional ZER0-DAY fixes added
- ghostscript-9.23-002-fixes-for-set-of-CVEs-reported-by-Google.patch added
- One more rebuild for libidn ABI fix (BZ#'s 1573961 and 1566414)
- %conflicts_vers bumped to fix F27->F28 upgrade
- Fix for CVE-2018-10194 added (bug #1569821)
- Rebase to latest upstream version