Change logs for ghostscript source package in Hardy

  • ghostscript (8.61.dfsg.1-1ubuntu3.5) hardy-security; urgency=low
    
      * SECURITY UPDATE: denial of service and possible code execution via
        icclib overflow
        - debian/patches/CVE-2012-4405.dpatch: validate input channels in
          icclib/icc.c.
        - CVE-2012-4405
     -- Marc Deslauriers <email address hidden>   Fri, 21 Sep 2012 08:58:24 -0400
  • ghostscript (8.61.dfsg.1-1ubuntu3.4) hardy-security; urgency=low
    
      * SECURITY UPDATE: integer overflows via integer multiplication for
        memory allocation
        - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
          allocation functions and use them in:
          * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
            jas_malloc.c,jas_seq.c}
          * jasper/src/libjasper/bmp/bmp_dec.c
          * jasper/src/libjasper/include/jasper/jas_malloc.h
          * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
          * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
            jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
            jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
          * jasper/src/libjasper/mif/mif_cod.c
        - CVE-2008-3520
      * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
        - debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
          jasper/src/libjasper/base/jas_stream.c
        - CVE-2008-3522
      * SECURITY UPDATE: arbitrary code execution or denial of service via
        off-by-one in TrueType interpreter.
        - debian/patches/CVE-2009-3743.dpatch: check for null in src/ttinterp.c.
        - CVE-2009-3743
      * SECURITY UPDATE: denial of service via crafted font data
        - debian/patches/CVE-2010-4054.dpatch: check for null pointers in
          src/{gsgdata.c,gstype1.c,gstype2.c,gxtype1.c}.
        - CVE-2010-4054
      * SECURITY UPDATE: denial of service and possible code execution via
        heap-based buffer overflows.
        - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls
          and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
        - CVE-2011-4516
        - CVE-2011-4517
     -- Marc Deslauriers <email address hidden>   Tue, 20 Dec 2011 16:01:14 -0500
  • ghostscript (8.61.dfsg.1-1ubuntu3.3) hardy-security; urgency=low
    
      * SECURITY UPDATE: arbitrary code execution via unlimited recursive
        procedure invocations (LP: #546009)
        - debian/patches/CVE-2010-1628.dpatch: only initialize structures if
          all allocations were successful in src/ialloc.c, src/idosave.h,
          src/isave.c.
        - CVE-2010-1628
      * SECURITY UPDATE: arbitrary code execution via crafted PostScript file
        (LP: #546009)
        - debian/patches/CVE-2010-1869.dpatch: use correct buffer sizes in
          src/int.mak, src/iscan.c, src/iscan.h.
        - CVE-2010-1869
      * SECURITY UPDATE: arbitrary code execution via long names
        - debian/patches/security-long-names.dpatch: check against maximum size
          in psi/iscan.c.
        - No CVE number yet.
     -- Marc Deslauriers <email address hidden>   Mon, 12 Jul 2010 12:33:50 -0400
  • ghostscript (8.61.dfsg.1-1ubuntu3.2) hardy-security; urgency=low
    
      * SECURITY UPDATE: denial of service and possible arbitrary code
        execution via buffer underflow in the CCITTFax decoding filter
        - debian/patches/33_CVE-2007-6725.dpatch: work around the buffer
          underflow in src/scfd.c.
        - CVE-2007-6725
      * SECURITY UPDATE: denial of service and possible arbitrary code
        execution via BaseFont writer module
        - debian/patches/34_CVE-2008-6679.dpatch: increase size of buffer in
          src/gdevpdtb.c.
        - CVE-2008-6679
      * SECURITY UPDATE: possible arbitrary code execution via JBIG2 symbol
        dictionary segments
        - debian/patches/35_CVE-2009-0196.dpatch: validate size of runlength
          in export symbol table in jbig2dec/jbig2_symbol_dict.c.
        - CVE-2009-0196
      * SECURITY UPDATE: denial of service and possible arbitrary code
        execution via integer overflows in icclib
        - debian/patches/36_CVE-2009-0792.dpatch: fix numerous overflows in
          icclib/icc.c.
        - CVE-2009-0792
    
     -- Marc Deslauriers <email address hidden>   Thu, 09 Apr 2009 11:26:12 -0400
  • ghostscript (8.61.dfsg.1-1ubuntu3.1) hardy-security; urgency=low
    
      * SECURITY UPDATE: Arbitrary code execution due to integer overflows and
        insufficient upper-bounds checks in the ICC library
        - debian/patches/32_CVE-2009-0583_0584.dpatch: fix multiple integer
          overflows and perform bounds checking in icclib/icc.c.
        - CVE-2009-0583
        - CVE-2009-0584
    
     -- Marc Deslauriers <email address hidden>   Mon, 23 Mar 2009 07:46:37 -0400
  • ghostscript (8.61.dfsg.1-1ubuntu3) hardy; urgency=low
    
      * SECURITY UPDATE: buffer overflow in color space handling code
      * debian/patches/31_CVE-2008-0411.dpatch: fix zseticcspace() to perform
        range checks
      * References
        CVE-2008-0411
    
     -- Jamie Strandboge <email address hidden>   Tue, 08 Apr 2008 11:58:11 -0400
  • ghostscript (8.61.dfsg.1-1ubuntu2) hardy; urgency=low
    
      * Fix debian/libgs8.shlibs for ubuntu version number
    
     -- Jonathan Riddell <email address hidden>   Sat, 16 Feb 2008 18:45:47 +0000
  • ghostscript (8.61.dfsg.1-1ubuntu1) hardy; urgency=low
    
      * Merge from debian unstable, remaining changes:
        - gs-esp and gs-common depend only on ghostscript, not on ghostscript-x,
          as gs-esp had already split off gs-esp-x in Ubuntu
        - Updated the KRGB patch from HP to the newest upstream version with
          added checks for null forward device in the graphic procedures to fix
          segfault bug LP: #69905 and corrected "force banding" code in gsijs_open
          for small images (IE: hagaki in landscape).
    
    ghostscript (8.61.dfsg.1-1) unstable; urgency=low
    
      [Masayuki Hatta]
    
      * New upstream release.
      * Now pdf2dsc can handle PageLabels properly - closes: #266166
      * Bumped up Standards-Version to 3.7.3 (no physical changes).
      * NEWS, README.Debian, copyright: Revised.
      * NEWS: Fixed wrong version number - closes: #454514, #454515
      * Sorted out dpatches:
        01-09: Debian-specific patches
        10-19: Bigger 3rd party patches (KRGB & CJKV)
        20-: Temporary bug fixes (should be incorporated into the upstream)
      * debian/patches/29_gs_css_fix.dpatch: Fixes a syntax error in gs.css
        - closes: #457118
      * debian/patches/30_ps2pdf_man_improvement.dpatch: Improved manpages for
        ps2pdf - closes: #193461
    
      [Till Kamppeter]
    
      * debian/patches/09_ijs_krgb_support.dpatch: Adapted to upstream changes.
      * debian/rules: Updated CUPS-related variables for "make install" calls.
      * debian/rules: Remove /usr/include/ghostscript from the ghostscript
        package, they go into libgs-dev.
      * debian/patches/40_cups_filters_with_buffered_input.dpatch: Modified
        cups/psto* filters to let Ghostscript always use buffered input. This
        works around a Ghostscript bug which prevents printing encrypted PDF
        files with Adobe Reader 8.1.1 and Ghostscript built as shared library
        (Ghostscript bug #689577, Ubuntu bug LP: #172264)
      * debian/patches/42_print_encrypted_PDFs_from_adobe_reader_8.dpatch:
        Fixed printing of encrypted PDF files from Adobe Reader 8.1.1.  This
        is the real fix now and not only a workaround. (Ghostscript bug
        #689577, Ubuntu bug LP: #172264).
    
     -- Till Kamppeter <email address hidden>   Wed,  6 Feb 2008 17:41:22 +0100
  • ghostscript (8.61.dfsg.1-0ubuntu5) hardy; urgency=low
    
      * debian/rules: Do not ship README.gz in ghostscript, it collides with
        ghostscript-doc. (LP: #185602, Debian #460692)
    
     -- Martin Pitt <email address hidden>   Wed, 30 Jan 2008 11:11:03 +0100
  • ghostscript (8.61.dfsg.1-0ubuntu4) hardy; urgency=low
    
      * debian/patches/09_ijs_krgb_support.dpatch: Updated the KRGB patch from
        HP to the newest upstream version with added checks for null forward
        device in the graphic procedures to fix segfault bug LP: #69905 and
        corrected "force banding" code in gsijs_open for small images (IE:
        hagaki in landscape).
    
     -- Till Kamppeter <email address hidden>   Wed, 23 Jan 2008 13:17:43 +0000
  • ghostscript (8.61.dfsg.1-0ubuntu3) hardy; urgency=low
    
      * debian/patches/42_print_encrypted_PDFs_from_adobe_reader_8.dpatch:
        Fixed printing of encrypted PDF files from Adobe Reader 8.1.1. This is
        the real fix now and not only a workaround. (Ghostscript bug #689577,
        Ubuntu bug LP: #172264).
    
     -- Till Kamppeter <email address hidden>   Mon, 12 Dec 2007 12:17:43 +0000
  • ghostscript (8.61.dfsg.1-0ubuntu2) hardy; urgency=low
    
      * Merge with Debian unstable. Remaining Ubuntu changes:
        - gs-esp and gs-common depend only on ghostscript, not on ghostscript-x,
          as gs-esp had already split off gs-esp-x in Ubuntu
        - Upstream version 8.61 final
      * debian/patches/40_cups_filters_with_buffered_input.dpatch: Modified
        cups/psto* filters to let Ghostscript always use buffered input. This
        works around a Ghostscript bug which prevents printing encrypted PDF
        files with Adobe Reader 8.1.1 and Ghostscript built as shared library
        (Ghostscript bug #689577, Ubuntu bug LP: #172264)
    
     -- Till Kamppeter <email address hidden>   Wed,  5 Dec 2007 13:17:43 +0000
  • ghostscript (8.61.dfsg.1-0ubtuntu1) hardy; urgency=low
    
      * New upstream release
        o Final 8.61 release
      * debian/patches/09_ijs_krgb_support.dpatch: Adapted to upstream changes.
      * debian/rules: Updated CUPS-related variables for "make install" calls.
      * debian/rules: Remove /usr/include/ghostscript from the ghostscript
        package, they go into libgs-dev.
    
     -- Till Kamppeter <email address hidden>   Thu, 22 Nov 2007 12:17:43 +0000
  • ghostscript (8.61.dfsg.1~svn8187-0ubuntu4) hardy; urgency=low
    
      * debian/rules: Clean /usr/share/doc/*.html files from package
        'ghostscript', too (incomplete fix in previous versions), since they are
        already shipped in ghostscript-doc and thus have a file conflict.
        (LP: #153218)
    
     -- Martin Pitt <email address hidden>   Mon, 22 Oct 2007 17:21:21 +0200
  • ghostscript (8.61.dfsg.1~svn8187-0ubuntu3) gutsy; urgency=low
    
      [ Till Kamppeter ]
      * debian/rules: Install missing *.upp files (upstream bug, LP: #150985).
    
      [ Martin Pitt ]
      * debian/rules: Clean files from package ghostscript which are moved to
        ghostscript-doc on i386 (where arch-all packages are built). On all
        non-i386 platforms the files remained in the main package, which causes
        file conflicts and unnecessary package growth. This is a quick hack for
        Gutsy. In Hardy, this horribly broken build system should be fixed
        properly.
    
     -- Martin Pitt <email address hidden>   Tue, 09 Oct 2007 23:00:28 +0200