Opened 6 months ago
Closed 6 months ago
#20424 closed enhancement (fixed)
ghostscript-10.04.0
| Reported by: | Bruce Dubbs | Owned by: | Douglas R. Reno |
|---|---|---|---|
| Priority: | elevated | Milestone: | 12.3 |
| Component: | BOOK | Version: | git |
| Severity: | normal | Keywords: | |
| Cc: |
Description ¶
New minor version.
Change History (4)
comment:1 by , 6 months ago
| Priority: | normal → elevated |
|---|
comment:2 by , 6 months ago
| Owner: | changed from to |
|---|---|
| Status: | new → assigned |
comment:3 by , 6 months ago
Version 10.04.0 (2024-09-18)
Highlights in this release include:
- This release addresses CVEs: CVE-2024-46951, CVE-2024-46952, CVE-2024-46953, CVE-2024-46954, CVE-2024-46955, CVE-2024-46956
- IMPORTANT: In this release (10.04.0) we have be added protection for device selection from PostScript input. This will mean that, by default, only the device specified on the command line will be permitted. Similar to the file permissions, there will be a "--permit-devices=" allowing a comma separation list of allowed devices. This will also take a single wildcard "*" allowing any device.
Any application which relies on allowing PostScript to change devices during a job will have to be aware, and take action to deal with this change.
The exception is "nulldevice", switching to that requires no special action.
- Our efforts in code hygiene and maintainability continue.
- The usual round of bug fixes, compatibility changes, and incremental improvements.
comment:4 by , 6 months ago
| Resolution: | → fixed |
|---|---|
| Status: | assigned → closed |
Fixed at 08793f87b55990630eeb1139b8955adb906e10b1
SA-12.2-012 issued
Note:
See TracTickets
for help on using tickets.
More CVE fixes...
Security Advisory September 18, 2024: Ghostscript/GhostPDL 10.04.0 release fixes: CVE-2024-46951, CVE-2024-46952, CVE-2024-46953, CVE-2024-46954, CVE-2024-46955 and CVE-2024-46956.