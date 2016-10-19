Name : ghostscript

Product : Fedora 23

Version : 9.20

Release : 2.fc23

URL : http://www.ghostscript.com/

Summary : A PostScript interpreter and renderer

Description :

Ghostscript is a set of software that provides a PostScript

interpreter, a set of C procedures (the Ghostscript library, which

implements the graphics capabilities in the PostScript language) and

an interpreter for Portable Document Format (PDF) files. Ghostscript

translates PostScript code into many common, bitmapped formats, like

those understood by your printer or screen. Ghostscript is normally

used to display PostScript files and to print PostScript files to

non-PostScript printers.



If you need to display PostScript files or print them to

non-PostScript printers, you should install ghostscript. If you

install ghostscript, you also need to install the ghostscript-fonts

package.



-------------------------------------------------------------------------------

-

Update Information:



This is a rebase of **ghostscript** package, to address several security

issues:

* [CVE-2016-7977 ](https://bugzilla.redhat.com/show_bug.cgi?id=1380415) -

*.libfile does not honor -dSAFER* *

[CVE-2013-5653](https://bugzilla.redhat.com/show_bug.cgi?id=1380327) - *getenv

and filenameforall ignore -dSAFER* *

[CVE-2016-7976](https://bugzilla.redhat.com/show_bug.cgi?id=1382294) - *various

userparams allow %pipe% in paths, allowing remote shell* *

[CVE-2016-7978](https://bugzilla.redhat.com/show_bug.cgi?id=1382300) -

*reference leak in .setdevice allows use-after-free and remote code* *

[CVE-2016-7979](https://bugzilla.redhat.com/show_bug.cgi?id=1382305) - *Type

confusion in .initialize_dsc_parser allows remote code execution* -----------

#### INFORMATION FOR FEDORA PACKAGERS & MAINTAINERS: **ghostscript** has

been

rebased to latest upstream version (9.20). Rebase notes: * **no API/ABI

changes between versions 9.16 -> 9.20 according to upstream** * *OpenJPEG*

support has been retained * *ijs-config* custom tool from upstream has been

*removed* (by upstream) (*pkg-config* is used by default now instead, see

[commit

0c176a9](http://git.ghostscript.com/?p=ghostpdl.git;h=0c176a91d53c85cda)) *

some patches were updated to 'git format-patch' format & renamed

* rest of the

patches were deleted (irrelevant for current version), mostly because upstream

has fixed those issues in some way

-------------------------------------------------------------------------------

-

-------------------------------------------------------------------------------

-



-------------------------------------------------------------------------------

-

