openRuyi-tutorials/buildroot
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

package/ghostscript: security bump to version 10.05.0

Browse Source 
Fixes the following security issues:

- CVE-2025-27830: An issue was discovered in Artifex Ghostscript before
  10.05.0.  A buffer overflow occurs during serialization of DollarBlend in
  a font, for base/write_t1.c and psi/zfapi.c.

- CVE-2025-27831: An issue was discovered in Artifex Ghostscript before
  10.05.0.  The DOCXWRITE TXTWRITE device has a text buffer overflow via
  long characters to devices/vector/doc_common.c.

- CVE-2025-27832: An issue was discovered in Artifex Ghostscript before
  10.05.0.  The NPDL device has a Compression buffer overflow for
  contrib/japanese/gdevnpdl.c.

- CVE-2025-27833: An issue was discovered in Artifex Ghostscript before
  10.05.0.  A buffer overflow occurs for a long TTF font name to
  pdf/pdf_fmap.c.

- CVE-2025-27834: An issue was discovered in Artifex Ghostscript before
  10.05.0.  A buffer overflow occurs via an oversized Type 4 function in a
  PDF document to pdf/pdf_func.c.

- CVE-2025-27835: An issue was discovered in Artifex Ghostscript before
  10.05.0.  A buffer overflow occurs when converting glyphs to Unicode in
  psi/zbfont.c.

- CVE-2025-27836: An issue was discovered in Artifex Ghostscript before
  10.05.0.  The BJ10V device has a Print buffer overflow in
  contrib/japanese/gdev10v.c.

- CVE-2025-27837: An issue was discovered in Artifex Ghostscript before
  10.05.0.  Access to arbitrary files can occur through a truncated path
  with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.

https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs10050

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This commit is contained in:
Peter Korsgaard
2025-04-14 22:53:58 +02:00
committed by Julien Olivain
parent efdf0cdbcb
commit 9abf662cfd
2 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
package/ghostscript/ghostscript.hash
View File

@@ -1,5 +1,5 @@
# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10040/SHA512SUMS
sha512 2e711f8ba86491570684f13851190f41e6eee87dcfacce0a4adfd09a4523abf2e0b6727f0958ee2683834218f5705675b531fd2419cb7fc314ed4becf51f3ce3 ghostscript-10.04.0.tar.xz
# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs10050/SHA512SUMS
sha512 5a8695726ea2c70fd153bac47696c9e9046e9f74eccf8eea500794f79f09d5d2be70597c9d85c0b51b71d46d7974f50c5c9e3b0e242816bb84e64f1098a306a6 ghostscript-10.05.0.tar.xz
# Hash for license file:
sha256 8ce064f423b7c24a011b6ebf9431b8bf9861a5255e47c84bfb23fc526d030a8b LICENSE

2
package/ghostscript/ghostscript.mk
View File

@@ -4,7 +4,7 @@
#
################################################################################
GHOSTSCRIPT_VERSION = 10.04.0
GHOSTSCRIPT_VERSION = 10.05.0
GHOSTSCRIPT_SOURCE = ghostscript-$(GHOSTSCRIPT_VERSION).tar.xz
GHOSTSCRIPT_SITE = https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs$(subst .,,$(GHOSTSCRIPT_VERSION))
GHOSTSCRIPT_LICENSE = AGPL-3.0