RedHat has issued an advisory today (November 14): https://access.redhat.com/errata/RHSA-2019:3888 The issue is fixed upstream in 9.28.
Assigning this globally as ghostscript hazs no registered maintainer.
Assignee: bugsquad => pkg-bugs
Suggested advisory: ======================== The updated packages fix a security vulnerability: -dSAFER escape in .charkeys. (CVE-2019-14869) References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14869 https://access.redhat.com/errata/RHSA-2019:3888 https://www.openwall.com/lists/oss-security/2019/11/15/1 ======================== Updated packages in core/updates_testing: ======================== ghostscript-9.27-1.4.mga7 ghostscript-dvipdf-9.27-1.4.mga7 ghostscript-common-9.27-1.4.mga7 ghostscript-X-9.27-1.4.mga7 ghostscript-module-X-9.27-1.4.mga7 lib(64)gs9-9.27-1.4.mga7 lib(64)gs-devel-9.27-1.4.mga7 lib(64)ijs1-0.35-147.4.mga7 lib(64)ijs-devel-0.35-147.4.mga7 ghostscript-doc-9.27-1.4.mga7 from SRPMS: ghostscript-9.27-1.4.mga7.src.rpm
CC: (none) => nicolas.salgueroStatus: NEW => ASSIGNEDCVE: (none) => CVE-2019-14869Assignee: pkg-bugs => qa-bugs
More info about this issue: https://www.openwall.com/lists/oss-security/2019/11/15/1
MGA7-64 Plasma on Lenovo B50 No installation issues; refbug 25379 Comment 4 for tests $ gs --version 9.27 Downloaded two dvi files from http://ctan.math.illinois.edu/support/hypertex/hypertex/#examples Opening these with Okular took too long for my patience, so went on: $ dvipdf thm.dvi thm.pdf Page 1 may be too complex to print Page 2 may be too complex to print Warning: no %%Page comments generated. and $ dvipdf hharvsamp.dvi hharvsamp.pdf Page 0 may be too complex to print Page 1 may be too complex to print Page 2 may be too complex to print Page 3 may be too complex to print Page 5 may be too complex to print Warning: no %%Page comments generated. Both produced credible pdf documents Had also MCC- Hardware Printer detecting my HP Officejet 8100, seems to work OK.
Whiteboard: (none) => MGA7-64-OKCC: (none) => herman.viaene
Checked for clean install on my Dell Inspiron 5100 Xfce system, since I had it handy. The following 4 packages are going to be installed: - ghostscript-9.27-1.4.mga7.i586 - ghostscript-common-9.27-1.4.mga7.i586 - ghostscript-module-X-9.27-1.4.mga7.i586 - libgs9-9.27-1.4.mga7.i586 All packages installed cleanly. Downloaded a pdf and opened it with atril document viewer, and it looked good. OK for 32-bit. Validating. Advisory in Comment 2.
CC: (none) => andrewsfarm, sysadmin-bugsWhiteboard: MGA7-64-OK => MGA7-64-OK MGA7-32-OKKeywords: (none) => validated_update
Keywords: (none) => advisoryCC: (none) => tmb
An update for this issue has been pushed to the Mageia Updates repository. https://advisories.mageia.org/MGASA-2019-0336.html
Resolution: (none) => FIXEDStatus: ASSIGNED => RESOLVED