-
ghostscript (9.21~dfsg+1-0ubuntu3.1) artful-security; urgency=medium
* SECURITY UPDATE: Heap-based buffer overflow and application crash
- debian/patches/CVE-2016-10317.patch: check max_height bounds in
base/gxht_thresh.c, base/gxipixel.c.
- CVE-2016-10317
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-10194.patch: avoid infinite number
in devices/vector/gdevpdts.c.
- CVE-2018-10194
-- <email address hidden> (Leonidas S. Barbosa) Tue, 24 Apr 2018 13:55:24 -0300
-
ghostscript (9.21~dfsg+1-0ubuntu3) artful; urgency=medium
* SECURITY UPDATE: DoS via crafted files
- debian/patches/CVE-2017-11714.patch: prevent to reloc
a freed object in psi/ztoken.c.
- CVE-2017-11714
* SECURITY UPDATE: DoS in Artifex Ghostscript
- debian/patches/CVE-2017-9611.patch: bounds check pointer in
base/ttinterp.c
- CVE-2017-9611
* SECURITY UPDATE: DoS in Artifex Ghostscript
- debian/patches/CVE-2017-9612.patch: bounds check pointer in
base/ttinterp.c
- CVE-2017-9612
* SECURITY UPDATE: DoS heap-based buffer over-read and crash
- debian/patches/CVE-2017-9726.patch: bounds check zone pointer
in base/ttinterp.c.
- CVE-2017-9726
* SECURITY UPDATE: DoS heap-based buffer over-read and crash
- debian/patches/CVE-2017-9727.patch: make bounds check in
base/gxttfb.c.
- CVE-2017-9727
* SECURITY UPDATE: DoS heap-based buffer over-read and crash
- debian/patches/CVE-2017-9739.patch: bounds check in
base/ttinterp.c.
- CVE-2017-9739
* SECURITY UPDATE: DoS heap-base buffer over-read and crash
- debian/patches/CVE-2017-9835.patch: bounds check the array
allocations methods in base/gsalloc.c.
- CVE-2017-9835
-- <email address hidden> (Leonidas S. Barbosa) Thu, 14 Sep 2017 13:48:36 -0400
-
ghostscript (9.21~dfsg+1-0ubuntu2) artful; urgency=low
* 020170831-4129543.patch: Backported fix from upstream to make the
contents of combo boxes in filled PDF forms show (Upstream bug #698461).
-- Till Kamppeter <email address hidden> Fri, 1 Sep 2017 08:57:00 -0300
-
ghostscript (9.21~dfsg+1-0ubuntu1) artful; urgency=low
* Merge from Debian unstable. Remaining changes:
+ openjpeg library bundled with upstream Ghostscript/GhostPDL used
instead of the original openjpeg library, as the original library
is not accepted into Ubuntu Main
(https://bugs.launchpad.net/bugs/711061).
* debian/libgs9.symbols: Updated for new upstream source. Applied patch
which dpkg-gensymbols generated.
-- Till Kamppeter <email address hidden> Thu, 3 Aug 2017 22:08:00 -0300
-
ghostscript (9.19~dfsg+1-0ubuntu10) artful; urgency=medium
* REGRESSION UPDATE: Fix for CVE-2017-8291 broke pstoedit when using
DELAYBIND feature (LP: #1687614).
- debian/patches/CVE-2017-8291-regression.patch: return false rather
than raise error when .eqproc is called with parameters that are
not both procedures; correct stack underflow detection.
-- Steve Beattie <email address hidden> Mon, 15 May 2017 14:39:41 -0700
-
ghostscript (9.19~dfsg+1-0ubuntu8) artful; urgency=medium
* SECURITY UPDATE: invalid handling of parameters to .eqproc and
.rsdparams allowed disabling -dSAFER and thus code execution
- debian/patches/CVE-2017-8291-1.patch: check .eqproc parameters
- debian/patches/CVE-2017-8291-2.patch: check .rsdparams parameters
- CVE-2017-8291
* SECURITY UPDATE: use-after-free in color management module.
- CVE-2016-10217.patch: Dont create new ctx when pdf14 device
reenabled
- CVE-2016-10217
* SECURITY UPDATE: divide-by-zero error denial of service in
base/gxfill.c
- CVE-2016-10219.patch: check for 0 in denominator
- CVE-2016-10219
* SECURITY UPDATE: null pointer dereference denial of service
- CVE-2016-10220.patch: initialize device data structure correctly
- CVE-2016-10220
* SECURITY UPDATE: null pointer dereference denial of service
- CVE-2017-5951.patch: use the correct param list enumerator
- CVE-2017-5951
* SECURITY UPDATE: null pointer dereference denial of service
- CVE-2017-7207.patch: ensure a device has raster memory, before
trying to read it
- CVE-2017-7207
-- Steve Beattie <email address hidden> Thu, 27 Apr 2017 16:00:11 -0700
-
ghostscript (9.19~dfsg+1-0ubuntu7.1) zesty-security; urgency=medium
* SECURITY UPDATE: Information disclosure through getenv, filenameforall
- debian/patches/CVE-2013-5653.patch: Have filenameforall and getenv
honor SAFER
- CVE-2013-5653
* SECURITY UPDATE: userparams with %pipe% in paths allow remote shell exec
- debian/patches/CVE-2016-7976.patch: Add a file permissions callback
- CVE-2016-7976
* SECURITY UPDATE: use-after-free and remote code execution
- debian/patches/CVE-2016-7978.patch: Reference count device icc profile
- CVE-2016-7978
* SECURITY UPDATE: type confusion allows remote code execution
- debian/patches/CVE-2016-7979.patch: DSC parser - validate parameters
- CVE-2016-7979
* SECURITY UPDATE: NULL dereference
- debian/patches/CVE-2016-8602.patch: check for sufficient params
- CVE-2016-8602
* SECURITY UPDATE: fix SAFER permissions
- debian/patches/CVE-2016-7977.patch: Be rigorous with SAFER permissions
- CVE-2016-7977
-- Emily Ratliff <email address hidden> Thu, 15 Dec 2016 16:27:43 -0600