File _patchinfo of Package patchinfo.34519
<patchinfo incident="34519">
<issue tracker="cve" id="2024-33870"/>
<issue tracker="cve" id="2024-33869"/>
<issue tracker="cve" id="2024-29510"/>
<issue tracker="bnc" id="1226944">VUL-0: CVE-2024-33870: ghostscript: path traversal to arbitrary files if the current directory is in the permitted paths</issue>
<issue tracker="bnc" id="1226945">VUL-0: CVE-2024-29510: ghostscript,ghostscript-library: format string injection leads to shell command execution (SAFER bypass)</issue>
<issue tracker="bnc" id="1226946">VUL-0: CVE-2024-33869: ghostscript: path traversal and command execution due to path reduction</issue>
<packager>jsmeix</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for ghostscript</summary>
<description>This update for ghostscript fixes the following issues:
- CVE-2024-29510: Fixed an arbitrary path traversal when running in a
permitted path (bsc#1226945).
- CVE-2024-33870: Fixed a format string injection that could lead to
command execution (bsc#1226944).
- CVE-2024-33869: Fixed a path validation bypass that could lead to
path traversal (bsc#1226946).
</description>
</patchinfo>