package/ghostscript: security bump to version 10.05.0
Fixes the following security issues:
- CVE-2025-27830: An issue was discovered in Artifex Ghostscript before
10.05.0. A buffer overflow occurs during serialization of DollarBlend in
a font, for base/write_t1.c and psi/zfapi.c.
- CVE-2025-27831: An issue was discovered in Artifex Ghostscript before
10.05.0. The DOCXWRITE TXTWRITE device has a text buffer overflow via
long characters to devices/vector/doc_common.c.
- CVE-2025-27832: An issue was discovered in Artifex Ghostscript before
10.05.0. The NPDL device has a Compression buffer overflow for
contrib/japanese/gdevnpdl.c.
- CVE-2025-27833: An issue was discovered in Artifex Ghostscript before
10.05.0. A buffer overflow occurs for a long TTF font name to
pdf/pdf_fmap.c.
- CVE-2025-27834: An issue was discovered in Artifex Ghostscript before
10.05.0. A buffer overflow occurs via an oversized Type 4 function in a
PDF document to pdf/pdf_func.c.
- CVE-2025-27835: An issue was discovered in Artifex Ghostscript before
10.05.0. A buffer overflow occurs when converting glyphs to Unicode in
psi/zbfont.c.
- CVE-2025-27836: An issue was discovered in Artifex Ghostscript before
10.05.0. The BJ10V device has a Print buffer overflow in
contrib/japanese/gdev10v.c.
- CVE-2025-27837: An issue was discovered in Artifex Ghostscript before
10.05.0. Access to arbitrary files can occur through a truncated path
with invalid UTF-8 characters, for base/gp_mswin.c and base/winrtsup.cpp.
https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/tag/gs10050
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>
(cherry picked from commit 9abf662cfd35c101b2c4c0e191adc3b949846663)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Peter Korsgaard