Context Navigation

← Previous Ticket
Next Ticket →

#19423 closed enhancement (fixed)

ghostscript-10.03.0

Reported by:	ken@…	Owned by:	ken@…
Priority:	elevated	Milestone:	12.2
Component:	BOOK	Version:	git
Severity:	normal	Keywords:
Cc:

Description

Noticed on the tex-live list, pasted from gs-devel:

... Announcing the release of GPL Ghostscript 10.03.0 and GhostPDL 10.03.0 from Artifex Software.

Get it here:

https://ghostscript.com/releases/index.html

For a release summary see:

https://ghostscript.readthedocs.io/en/gs10.03.0/News.html

Note: There was an aribtrary code execution issue (related to the tesseract library) fixed in this release, so we recommend anyone whose build(s) include the OCR devices to update as soon as possible. ...

Note that tesseract source (for OCR) is included in the ghostscript source and compiled when using our current instructions.

Change History (3)

comment:1 by Xi Ruoyao, 7 weeks ago

Highlights in this release include:

A vulnerability was identified in the way Ghostscript/GhostPDL called tesseract for the OCR devices, which could allow arbitrary code execution. As as result, we strongly urge anyone including the OCR devices in their build to update as soon as possible.
As of this release (10.03.0) pdfwrite creates PDF files with XRef streams and ObjStm streams. This can result in considerably smaller PDF output files. See Vector Devices for more details.
Ghostscript/pdfwrite now supports passing through PDF "Optional Content".

Our efforts in code hygiene and maintainability continue.

The usual round of bug fixes, compatibility changes, and incremental improvements.
(9.53.0) We have added the capability to build with the Tesseract OCR engine. In such a build, new devices are available (pdfocr8/pdfocr24/pdfocr32) which render the output file to an image, OCR that image, and output the image "wrapped" up as a PDF file, with the OCR generated text information included as "invisible" text (in PDF terms, text rendering mode 3).

Mainly due to time constraints, we only support including Tesseract from source included in our release packages, and not linking to Tesseract/Leptonica shared libraries. Whether we add this capability will be largely dependent on community demand for the feature.

comment:2 by ken@…, 7 weeks ago

Book updated at sha:r12.1-94-g469426fed30a

comment:3 by ken@…, 7 weeks ago

Resolution:	→ fixed
Status:	assigned → closed

Security Advisory SA 12.1-006 created.

Note: See TracTickets for help on using tickets.

Download in other formats: