Bug#944760: ghostscript: CVE-2019-14869

[Salvatore Bonaccorso <carnil@debian.org>]

Source: ghostscript
Version: 9.50~dfsg-2
Severity: grave
Tags: security upstream
Control: found -1 9.26a~dfsg-0+deb9u5
Control: found -1 9.26a~dfsg-0+deb9u1
Control: found -1 9.27~dfsg-2+deb10u2
Control: found -1 9.27~dfsg-1
Control: found -1 9.27~dfsg-3.1
Control: fixed -1 9.26a~dfsg-0+deb9u6
Control: fixed -1 9.27~dfsg-2+deb10u3

Hi,

The following vulnerability was published for ghostscript. I can agree
the severity is not exaclty matching, as for 9.50 itself, it's not
anymore directly exploitable (unless with -dOLDSAFER). Still it cannot
be considred fixed, only after applying [1].

CVE-2019-14869[0]:
|-dSAFER escape in .charkeys

If you fix the vulnerability please also make sure to include the
CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2019-14869
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14869
[1] https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904772c5f0aa1140032746e5a0abf
[2] https://bugs.ghostscript.com/show_bug.cgi?id=701841

Regards,
Salvatore