This bug was fixed in the package ghostscript - 9.25~dfsg+1-0ubuntu1
---------------
ghostscript (9.25~dfsg+1-0ubuntu1) cosmic; urgency=medium
* New upstream bug fix release
Highlights:
- Highly recommended by upstream, release done to fix regressions in 9.24.
- This release fixes problems with argument handling, some unintended
results of the security fixes to the SAFER file access restrictions
(specifically accessing ICC profile files), and some additional security
issues over the recent 9.24 release.
- Note: The ps2epsi utility does not, and cannot call Ghostscript with
the -dSAFER command line option. It should never be called with input
from untrusted sources.
* Removed patch 020180906-bc3df07-*.patch backported from upstream.
* Refreshed patches 2003_support_multiarch.patch and
2007_suggest_install_ghostscript-doc_in_code.patch with quilt.
* debian/libgs9.symbols: Updated for new upstream source. Applied patch
which dpkg-gensymbols generated.
-- Till Kamppeter <[email protected]> Thu, 13 Sep 2018 20:27:06
+0200
** Changed in: ghostscript (Ubuntu)
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to ghostscript in Ubuntu.
https://bugs.launchpad.net/bugs/1791279
Title:
[FFe] Ghostscript 9.24 - Highly recommended by upstream for security
Status in ghostscript package in Ubuntu:
Fix Released
Bug description:
Artifex announced their Ghostscript 9.24 release as follows:
----------
Artifex Software, Inc. is happy to announce the release of
GPL Ghostscript 9.24 and GhostPDL 9.24.
Note that due to some recently discovered security related issues, we
strongly recommend updating installations to 9.24, as soon as possible.
----------
And in the release notes on
https://www.ghostscript.com/doc/9.24/News.htm
they write:
----------
Security issues have been the primary focus of this release, including
solving several (well publicised) real and potential exploits.
PLEASE NOTE: We strongly urge users to upgrade to this latest release to
avoid these issues.
----------
I also talked with the Canonical/Ubuntu security team and Steve
Beattie writes
----------
Yes, that would be great if we could move ghostscript forward in
cosmic to the 9.24 version. Happy to add the Security Team's support for
this in a FFE bg report, if needed.
----------
Therefore I want to upgrade Cosmic's Ghostscript (currently 9.23) to
version 9.24.
Asummary of the changes in the new version you find on
https://www.ghostscript.com/doc/9.24/News.htm
Details you can see on
https://www.ghostscript.com/doc/9.24/History9.htm#Version9.24
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ghostscript/+bug/1791279/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
