Leo Famulari writes: > On Sat, Sep 08, 2018 at 01:08:16PM +0200, Marius Bakke wrote: >> These patches aim to fix the recent security issues in Ghostscript. >> I have verified that the reproducers in >> no >> longer work with these patches. >> >> Marius Bakke (2): >> gnu: jbig2dec: Replace with 0.15 [security fixes]. >> gnu: ghostscript: Update replacement to 9.24 [security fixes]. > > Thanks! Looks good to me assuming Ghostscript 9.24 is ABI compatible > with 9.23. There are changes[0], but they are internal to the library and so *should* be harmless. Unfortunately I haven't been able to get the --drop-private-types or --harmless options of abidiff working. The same goes for jbig2dec, although it's more complicated since it includes a static library (to be removed on core-updates). It does not look like any of the consumers actually use it, though. Will push this after some more testing, as well as including the patch suggested by Tavis on oss-sec. [0]