ghostscript (8.61.dfsg.1-1ubuntu3.4) hardy-security; urgency=low

  * SECURITY UPDATE: integer overflows via integer multiplication for memory
    allocation
    - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
      allocation functions and use them in:
      * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
        jas_malloc.c,jas_seq.c}
      * jasper/src/libjasper/bmp/bmp_dec.c
      * jasper/src/libjasper/include/jasper/jas_malloc.h
      * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
      * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
        jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
        jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
      * jasper/src/libjasper/mif/mif_cod.c
    - CVE-2008-3520
  * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
    - debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
      jasper/src/libjasper/base/jas_stream.c
    - CVE-2008-3522
  * SECURITY UPDATE: arbitrary code execution or denial of service via
    off-by-one in TrueType interpreter.
    - debian/patches/CVE-2009-3743.dpatch: check for null in
      src/ttinterp.c.
    - CVE-2009-3743
  * SECURITY UPDATE: denial of service via crafted font data
    - debian/patches/CVE-2010-4054.dpatch: check for null pointers in
      src/{gsgdata.c,gstype1.c,gstype2.c,gxtype1.c}.
    - CVE-2010-4054
  * SECURITY UPDATE: denial of service and possible code execution via
    heap-based buffer overflows.
    - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls
      and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
    - CVE-2011-4516
    - CVE-2011-4517

Date: Tue, 20 Dec 2011 16:01:14 -0500
Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/ghostscript/8.61.dfsg.1-1ubuntu3.4

Format: 1.7
Date: Tue, 20 Dec 2011 16:01:14 -0500
Source: ghostscript
Binary: ghostscript gs gs-esp gs-gpl gs-aladdin gs-common ghostscript-x gs-esp-x ghostscript-doc libgs8 libgs-dev libgs-esp-dev
Architecture: source
Version: 8.61.dfsg.1-1ubuntu3.4
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-disc...@lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauri...@ubuntu.com>
Description:
 ghostscript - The GPL Ghostscript PostScript/PDF interpreter
 ghostscript-doc - The GPL Ghostscript PostScript/PDF interpreter - Documentation
 ghostscript-x - The GPL Ghostscript PostScript/PDF interpreter - X Display suppor
 gs         - Transitional package
 gs-aladdin - Transitional package
 gs-common  - Transitional package
 gs-esp     - Transitional package
 gs-esp-x   - Transitional package
 gs-gpl     - Transitional package
 libgs-dev  - The Ghostscript PostScript Library - Development Files
 libgs-esp-dev - Transitional package
 libgs8     - The Ghostscript PostScript/PDF interpreter Library
Changes:
 ghostscript (8.61.dfsg.1-1ubuntu3.4) hardy-security; urgency=low
 .
   * SECURITY UPDATE: integer overflows via integer multiplication for memory
     allocation
     - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
       allocation functions and use them in:
       * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
         jas_malloc.c,jas_seq.c}
       * jasper/src/libjasper/bmp/bmp_dec.c
       * jasper/src/libjasper/include/jasper/jas_malloc.h
       * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
       * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
         jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
         jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
       * jasper/src/libjasper/mif/mif_cod.c
     - CVE-2008-3520
   * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
     - debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
       jasper/src/libjasper/base/jas_stream.c
     - CVE-2008-3522
   * SECURITY UPDATE: arbitrary code execution or denial of service via
     off-by-one in TrueType interpreter.
     - debian/patches/CVE-2009-3743.dpatch: check for null in
       src/ttinterp.c.
     - CVE-2009-3743
   * SECURITY UPDATE: denial of service via crafted font data
     - debian/patches/CVE-2010-4054.dpatch: check for null pointers in
       src/{gsgdata.c,gstype1.c,gstype2.c,gxtype1.c}.
     - CVE-2010-4054
   * SECURITY UPDATE: denial of service and possible code execution via
     heap-based buffer overflows.
     - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls
       and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
     - CVE-2011-4516
     - CVE-2011-4517
Files:
 eca400a45c98398164c9c47ad1787aa1 1842 text optional ghostscript_8.61.dfsg.1-1ubuntu3.4.dsc
 441506abe5d7d81c7600755eb9f21fc5 121402 text optional ghostscript_8.61.dfsg.1-1ubuntu3.4.diff.gz
Original-Maintainer: Masayuki Hatta (mhatta) <mha...@debian.org>

--
Hardy-changes mailing list
Hardy-changes@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/hardy-changes