From 21d9162dd33c918629dd3d402942607101fbf7fb Mon Sep 17 00:00:00 2001 From: Salvatore Bonaccorso Date: Tue, 16 Apr 2019 22:00:37 +0200 Subject: [DSA 4432-1] ghostscript security update --- english/security/2019/dsa-4432.data | 13 +++++++++++++ english/security/2019/dsa-4432.wml | 19 +++++++++++++++++++ 2 files changed, 32 insertions(+) create mode 100644 english/security/2019/dsa-4432.data create mode 100644 english/security/2019/dsa-4432.wml diff --git a/english/security/2019/dsa-4432.data b/english/security/2019/dsa-4432.data new file mode 100644 index 00000000000..6db132fd9e0 --- /dev/null +++ b/english/security/2019/dsa-4432.data @@ -0,0 +1,13 @@ +DSA-4432-1 ghostscript +2019-4-16 +CVE-2019-3835 CVE-2019-3838 Bug#925256 Bug#925257 +ghostscript +yes +yes +no + +#use wml::debian::security + + + + diff --git a/english/security/2019/dsa-4432.wml b/english/security/2019/dsa-4432.wml new file mode 100644 index 00000000000..64950b4d052 --- /dev/null +++ b/english/security/2019/dsa-4432.wml @@ -0,0 +1,19 @@ +security update + +

Cedric Buissart discovered two vulnerabilities in Ghostscript, the GPL +PostScript/PDF interpreter, which could result in bypass of file system +restrictions of the dSAFER sandbox.

+ +

For the stable distribution (stretch), these problems have been fixed in +version 9.26a~dfsg-0+deb9u2.

+ +

We recommend that you upgrade your ghostscript packages.

+ +

For the detailed security status of ghostscript please refer to its +security tracker page at: +https://security-tracker.debian.org/tracker/ghostscript

+ + +# do not modify the following line +#include "$(ENGLISHDIR)/security/2019/dsa-4432.data" +# $Id: $ -- cgit v1.2.3