Description Sam James 2024-05-18 04:48:22 UTC

```
--- /tmp/mgorny-dev-scripts/portage/app-text/ghostscript-gpl-10.03.0-r1/work/ghostscript-10.03.0/doc/News.html  2024-03-07 08:41:29.000000000 +0000
+++ /tmp/mgorny-dev-scripts/portage/app-text/ghostscript-gpl-10.03.1/work/ghostscript-10.03.1/doc/News.html     2024-05-02 10:45:25.000000000 +0100
@@ -5,16 +5,28 @@
 <!-- [1.0 end visible header] ============================================== -->
 
 <!-- [2.0 begin contents] ================================================== -->
-<h2><a name="Version10.03.0"></a>Version 10.03.0 (2024-03-06)</h2>
+<h2><a name="Version10.03.1"></a>Version 10.03.1 (2024-05-02)</h2>
 <p> Highlights in this release include:
 <ul>
 <li>
+<p>Fixes for CVE-2024-33869, CVE-2023-52722, CVE-2024-33870, CVE-2024-33871 and CVE-2024-29510
+</li>
+<li>
+<p><b>IMPORTANT:</b> For the 10.04.0 release (fall/autumn 2024) we will be adding protection for
+device selection from PostScript input. This will mean that, by default, only the device specified
+on the command line will be permitted. Similar to the file permissions, there will be a &quot;--permit-devices=&quot;
+allowing a comma separation list of allowed devices. This will also take a single wildcard &quot;*&quot; allowing any device.
+<p>Any application which relies on allowing PostScript to change devices during a job will have to be aware, and take action
+to deal with this change.
+<p>The exception is &quot;nulldevice&quot;, switching to that requires no special action.
+</li>
+<li>
[...]
```