-
ghostscript (9.19~dfsg+1-0ubuntu7.6) zesty-security; urgency=medium
  * SECURITY UPDATE: DoS via crafted files
    - debian/patches/CVE-2017-11714.patch: prevent to reloc
      a freed object in psi/ztoken.c.
    - CVE-2017-11714
  * SECURITY UPDATE: DoS in Artifex Ghostscript
    - debian/patches/CVE-2017-9611.patch: bounds check pointer in
      base/ttinterp.c
    - CVE-2017-9611
  * SECURITY UPDATE: DoS in Artifex Ghostscript
    - debian/patches/CVE-2017-9612.patch: bounds check pointer in
      base/ttinterp.c
    - CVE-2017-9612
  * SECURITY UPDATE: DoS heap-based buffer over-read and crash
    - debian/patches/CVE-2017-9726.patch: bounds check zone pointer
      in base/ttinterp.c.
    - CVE-2017-9726
  * SECURITY UPDATE: DoS heap-based buffer over-read and crash
    - debian/patches/CVE-2017-9727.patch: make bounds check in
      base/gxttfb.c.
    - CVE-2017-9727
  * SECURITY UPDATE: DoS heap-based buffer over-read and crash
    - debian/patches/CVE-2017-9739.patch: bounds check in
      base/ttinterp.c.
    - CVE-2017-9739
  * SECURITY UPDATE: DoS heap-based buffer over-read and crash
    - debian/patches/CVE-2017-9835.patch: bounds check the array
      allocations methods in base/gsalloc.c.
    - CVE-2017-9835
 -- <email address hidden> (Leonidas S. Barbosa)  Fri, 25 Aug 2017 10:19:44 -0300
-
ghostscript (9.19~dfsg+1-0ubuntu7.4) zesty-security; urgency=medium
  * REGRESSION UPDATE: Fix for CVE-2017-8291 broke pstoedit when using
    DELAYBIND feature (LP: #1687614).
    - debian/patches/CVE-2017-8291-regression.patch: return false rather
      than raise error when .eqproc is called with parameters that are
      not both procedures; correct stack underflow detection.
 -- Steve Beattie <email address hidden>  Mon, 15 May 2017 11:46:44 -0700
-
ghostscript (9.19~dfsg+1-0ubuntu7.2) zesty-security; urgency=medium
  * SECURITY UPDATE: invalid handling of parameters to .eqproc and
    .rsdparams allowed disabling -dSAFER and thus code execution
    - debian/patches/CVE-2017-8291-1.patch: check .eqproc parameters
    - debian/patches/CVE-2017-8291-2.patch: check .rsdparams parameters
    - CVE-2017-8291
  * SECURITY UPDATE: use-after-free in color management module.
    - CVE-2016-10217.patch: Don't create new ctx when pdf14 device
      reenabled
    - CVE-2016-10217
  * SECURITY UPDATE: divide-by-zero error denial of service in
    base/gxfill.c
    - CVE-2016-10219.patch: check for 0 in denominator
    - CVE-2016-10219
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2016-10220.patch: initialize device data structure correctly
    - CVE-2016-10220
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2017-5951.patch: use the correct param list enumerator
    - CVE-2017-5951
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2017-7207.patch: ensure a device has raster memory, before
      trying to read it
    - CVE-2017-7207
 -- Steve Beattie <email address hidden>  Thu, 27 Apr 2017 16:00:11 -0700
-
ghostscript (9.19~dfsg+1-0ubuntu7.1) zesty-security; urgency=medium
  * SECURITY UPDATE: Information disclosure through getenv, filenameforall
    - debian/patches/CVE-2013-5653.patch: Have filenameforall and getenv
      honor SAFER
    - CVE-2013-5653
  * SECURITY UPDATE: userparams with %pipe% in paths allow remote shell exec
    - debian/patches/CVE-2016-7976.patch: Add a file permissions callback
    - CVE-2016-7976
  * SECURITY UPDATE: use-after-free and remote code execution
    - debian/patches/CVE-2016-7978.patch: Reference count device icc profile
    - CVE-2016-7978
  * SECURITY UPDATE: type confusion allows remote code execution
    - debian/patches/CVE-2016-7979.patch: DSC parser - validate parameters
    - CVE-2016-7979
  * SECURITY UPDATE: NULL dereference
    - debian/patches/CVE-2016-8602.patch: check for sufficient params
    - CVE-2016-8602
  * SECURITY UPDATE: fix SAFER permissions
    - debian/patches/CVE-2016-7977.patch: Be rigorous with SAFER permissions
    - CVE-2016-7977
 -- Emily Ratliff <email address hidden>  Thu, 15 Dec 2016 16:27:43 -0600
-
ghostscript (9.19~dfsg+1-0ubuntu7) zesty; urgency=medium
  * debian/patches/020161028~0726780_gdevcups-pwgraster-bitmap-always-without-margins.patch:
    "cups" output device: When creating PWG Raster output, always output
    the bitmap of the full page, ignoring any unprintable margins suggested
    by the PPD file (LP: #1637583).
 -- Till Kamppeter <email address hidden>  Fri, 28 Oct 2016 16:00:00 -0200
-
ghostscript (9.19~dfsg+1-0ubuntu6) yakkety; urgency=medium
  * debian/rules:
    + Revert the dependency change in 9.19~dfsg+1-0ubuntu3
      (LP: #1625734, LP: #1626245).
 -- Gunnar Hjalmarsson <email address hidden>  Thu, 22 Sep 2016 10:50:00 +0200