Bug#897188: stretch-pu: package ghostscript/9.20~dfsg-3.2+deb9u2
Control: tags -1 + confirmed
On Sun, 2018-04-29 at 20:43 +0200, Salvatore Bonaccorso wrote:
> I would like to propose the following ghostscript update via a
> stretch
> point release. It adresses two CVEs which do not warrant a DSA on
> it's
> own but would still be good to be adressed in stable.
>
> It adresses:
> - CVE-2018-10194 / 896069. Triggering the poc was not possible here
> but the fix consist of doing an additional check in
> set_text_distance function.
> - CVE-2016-10317, testing happened with the fixed version against
> the
> provided poc. The fix requires a previous prerequisite change.
>
Please go ahead; sorry for the delay.
Regards,
Adam
Reply to: