[Git][security-tracker-team/security-tracker][master] 2 commits: Add new ghostscript issues

Mon Mar 17 21:55:34 GMT 2025


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
2794ad62 by Salvatore Bonaccorso at 2025-03-17T22:53:26+01:00
Add new ghostscript issues

- - - - -
9ec1c064 by Salvatore Bonaccorso at 2025-03-17T22:54:19+01:00
Add ghostscript

- - - - -


2 changed files:

- data/CVE/list
- data/dsa-needed.txt


Changes:

=====================================
data/CVE/list
=====================================
@@ -42364,6 +42364,39 @@ CVE-2024-10108 (The WPAdverts \u2013 Classifieds Plugin plugin for WordPress is
 	NOT-FOR-US: WordPress plugin
 CVE-2023-5816 (The Code Explorer plugin for WordPress is vulnerable to arbitrary exte ...)
 	NOT-FOR-US: WordPress plugin
+CVE-2025-27834
+	- ghostscript 10.05.0~dfsg-1
+	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708253
+	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=ef42ff180a04926e187d40faea40d4a43e304e3b (ghostpdl-10.05.0rc1)
+CVE-2025-27837
+	- ghostscript 10.05.0~dfsg-1
+	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708238
+	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=dbb9f2b11f820697e77863523a8d835ab040e5d1 (ghostpdl-10.05.0rc1)
+	TODO: check, possibly Windows specific
+CVE-2025-27833
+	- ghostscript 10.05.0~dfsg-1
+	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708259
+	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=a82738e387bbb44c7c4698404776dca53f62b158 (ghostpdl-10.05.0rc1)
+CVE-2025-27830
+	- ghostscript 10.05.0~dfsg-1
+	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708241
+	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=8474e1d6b896e35741d3c608ea5c21deeec1078f (ghostpdl-10.05.0rc1)
+CVE-2025-27836
+	- ghostscript 10.05.0~dfsg-1
+	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708192
+	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=8b6d19b2b4079da6863ef25f2370f25d4b054919 (ghostpdl-10.05.0rc1)
+CVE-2025-27831
+	- ghostscript 10.05.0~dfsg-1
+	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708132
+	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=d6e713dda4f8d75c6a4ed8c7568a0d4f532dcb17 (ghostpdl-10.05.0rc1)
+CVE-2025-27832
+	- ghostscript 10.05.0~dfsg-1
+	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708133
+	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=57291c846334f1585552010faa42d7cb2cbd5c41 (ghostpdl-10.05.0rc1)
+CVE-2025-27835
+	- ghostscript 10.05.0~dfsg-1
+	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=708131
+	NOTE: https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=de900010a6f2310d1fd54e99eeba466693da0e13 (ghostpdl-10.05.0rc1)
 CVE-2024-46956 (An issue was discovered in psi/zfile.c in Artifex Ghostscript before 1 ...)
 	{DSA-5808-1 DLA-3965-1}
 	- ghostscript 10.04.0~dfsg-1


=====================================
data/dsa-needed.txt
=====================================
@@ -18,6 +18,9 @@ frr
 gh
   Santiago Vila might work on preparing an update
 --
+ghostscript (carnil)
+  Might be postponed for point release
+--
 jetty9
 --
 jpeg-xl



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f2bfe395e0f3f820a2ddcb5e1db686638903e9da...9ec1c064a9eff6bb43c83a4a6a4d7fa4eb3a56ff

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/compare/f2bfe395e0f3f820a2ddcb5e1db686638903e9da...9ec1c064a9eff6bb43c83a4a6a4d7fa4eb3a56ff
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250317/6ac0f0f9/attachment.htm>
