-
ghostscript (9.26~dfsg+0-0ubuntu0.18.04.18) bionic-security; urgency=medium
* SECURITY UPDATE: Buffer Overflow
- debian/patches/CVE-2023-28879.patch: add check to make sure that the
buffer has space for two characters in s_xBCPE_process() in base/sbcp.c.
- CVE-2023-28879
-- Rodrigo Figueiredo Zaiden <email address hidden> Thu, 13 Apr 2023 10:09:22 -0300
-
ghostscript (9.26~dfsg+0-0ubuntu0.18.04.17) bionic-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow in lp8000_print_page()
- debian/patches/CVE-2020-27792.patch: fixed output buffer size worst
case in devices/gdevlp8k.c.
- CVE-2020-27792
-- Marc Deslauriers <email address hidden> Mon, 26 Sep 2022 10:43:27 -0400
-
ghostscript (9.26~dfsg+0-0ubuntu0.18.04.16) bionic-security; urgency=medium
* SECURITY UPDATE: old code execution issue
- debian/patches/CVE-2019-25059-1.patch: undef .completefont in
Resource/Init/gs_fonts.ps, Resource/Init/gs_init.ps,
Resource/Init/gs_ttf.ps.
- debian/patches/CVE-2019-25059-2.patch: undef .origdefinefont,
.origundefinefont, .origfindfont in Resource/Init/gs_init.ps,
Resource/Init/gs_res.ps.
- CVE-2019-25059
-- Marc Deslauriers <email address hidden> Wed, 27 Apr 2022 08:27:55 -0400
-
ghostscript (9.26~dfsg+0-0ubuntu0.18.04.15) bionic-security; urgency=medium
* SECURITY UPDATE: use-after-free in sampled_data_sample
- debian/patches/CVE-2021-45944.patch: check stack limits after
function evaluation in psi/zfsample.c.
- CVE-2021-45944
* SECURITY UPDATE: heap-based buffer overflow in sampled_data_finish
- debian/patches/CVE-2021-45949.patch: fix op stack management in
psi/zfsample.c.
- CVE-2021-45949
-- Marc Deslauriers <email address hidden> Tue, 11 Jan 2022 09:22:40 -0500
-
ghostscript (9.26~dfsg+0-0ubuntu0.18.04.14) bionic-security; urgency=medium
* SECURITY UPDATE: integer overflow in opj_t1_encode_cblks
- debian/patches/CVE-2018-5727.patch: fix UBSAN signed integer overflow
in openjpeg/src/lib/openjp2/t1.c.
- CVE-2018-5727
* SECURITY UPDATE: heap overflow in opj_t1_clbl_decode_processor
- debian/patches/CVE-2020-6851.patch: reject images whose
coordinates are beyond INT_MAX in openjpeg/src/lib/openjp2/j2k.c.
- CVE-2020-6851
* SECURITY UPDATE: another heap overflow in opj_t1_clbl_decode_processor
- debian/patches/CVE-2020-8112.patch: avoid integer overflow in
openjpeg/src/lib/openjp2/tcd.c.
- CVE-2020-8112
* SECURITY UPDATE: heap-buffer-overflow
- debian/patches/CVE-2020-27814-1.patch: grow buffer size in
openjpeg/src/lib/openjp2/tcd.c.
- debian/patches/CVE-2020-27814-2.patch: grow it again
- debian/patches/CVE-2020-27814-3.patch: and some more
- debian/patches/CVE-2020-27814-4.patch: bigger, BIGGER!!!
- CVE-2020-27814
* SECURITY UPDATE: global-buffer-overflow
- debian/patches/CVE-2020-27824.patch: avoid global buffer overflow on
irreversible conversion when too many decomposition levels are
specified in openjpeg/src/lib/openjp2/dwt.c.
- CVE-2020-27824
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2020-27841.patch: add extra checks to
openjpeg/src/lib/openjp2/pi.c, openjpeg/src/lib/openjp2/pi.h,
openjpeg/src/lib/openjp2/t2.c.
- CVE-2020-27841
* SECURITY UPDATE: null pointer dereference
- debian/patches/CVE-2020-27842.patch: add check to
openjpeg/src/lib/openjp2/t2.c.
- CVE-2020-27842
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2020-27843.patch: add check to
openjpeg/src/lib/openjp2/t2.c.
- CVE-2020-27843
* SECURITY UPDATE: out-of-bounds read
- debian/patches/CVE-2020-27845.patch: add extra checks to
openjpeg/src/lib/openjp2/pi.c.
- CVE-2020-27845
-- Marc Deslauriers <email address hidden> Wed, 06 Jan 2021 12:44:08 -0500
-
ghostscript (9.26~dfsg+0-0ubuntu0.18.04.13) bionic-security; urgency=medium
* SECURITY UPDATE: Multiple security issues
- debian/patches/CVE-2020-16*.patch: backport multiple upstream commits
to fix various security issues.
- CVE-2020-16287, CVE-2020-16288, CVE-2020-16289, CVE-2020-16290,
CVE-2020-16291, CVE-2020-16292, CVE-2020-16293, CVE-2020-16294,
CVE-2020-16295, CVE-2020-16296, CVE-2020-16297, CVE-2020-16298,
CVE-2020-16299, CVE-2020-16300, CVE-2020-16301, CVE-2020-16302,
CVE-2020-16303, CVE-2020-16304, CVE-2020-16305, CVE-2020-16306,
CVE-2020-16307, CVE-2020-16308, CVE-2020-16309, CVE-2020-16310,
CVE-2020-17538
-- Marc Deslauriers <email address hidden> Fri, 21 Aug 2020 13:09:58 -0400
-
ghostscript (9.26~dfsg+0-0ubuntu0.18.04.12) bionic-security; urgency=medium
* SECURITY UPDATE: '-dSAFER' restrictions bypass by .forceput when
loading fonts
- debian/patches/CVE-2019-14869.patch: remove use of .forceput in
Resource/Init/gs_ttf.ps.
- CVE-2019-14869
-- Marc Deslauriers <email address hidden> Wed, 06 Nov 2019 10:46:26 -0500
-
ghostscript (9.26~dfsg+0-0ubuntu0.18.04.11) bionic-security; urgency=medium
* SECURITY UPDATE: '-dSAFER' restrictions bypass by .forceput
Exposures
- debian/patches/CVE-2019-14811-CVE-2019-14812-CVE-2019-14813.patch:
Be more defensive by preventing access to .forceput from
.setuserparams2.
- CVE-2019-14811
- CVE-2019-14812
- CVE-2019-14813
- debian/patches/CVE-2019-14817.patch: mark more uses of .forceput
as execteonly
- CVE-2019-14817
-- Steve Beattie <email address hidden> Tue, 27 Aug 2019 22:07:57 -0700
-
ghostscript (9.26~dfsg+0-0ubuntu0.18.04.10) bionic-security; urgency=medium
* SECURITY UPDATE: `-dSAFER` restrictions bypass
- debian/patches/CVE-2019-10216.patch: protect use of .forceput
with executeonly
- CVE-2019-10216
-- Steve Beattie <email address hidden> Thu, 08 Aug 2019 21:24:01 -0700
-
ghostscript (9.26~dfsg+0-0ubuntu0.18.04.9) bionic-security; urgency=medium
* SECURITY UPDATE: code execution vulnerability
- debian/patches/CVE-2019-3839-1.patch: hide pdfdict and GS_PDF_ProcSet
in Resource/Init/pdf_base.ps, Resource/Init/pdf_draw.ps,
Resource/Init/pdf_font.ps, Resource/Init/pdf_main.ps,
Resource/Init/pdf_ops.ps, Resource/Init/pdf_sec.ps.
- debian/patches/CVE-2019-3839-2.patch: fix lib/pdf2dsc.ps to use
documented Ghostscript pdf procedures in lib/pdf2dsc.ps.
- CVE-2019-3839
-- Marc Deslauriers <email address hidden> Tue, 07 May 2019 12:48:08 -0400
-
ghostscript (9.26~dfsg+0-0ubuntu0.18.04.8) bionic-security; urgency=medium
* SECURITY UPDATE: superexec operator is available
- debian/patches/CVE-2019-3835-pre1.patch: Have gs_cet.ps run from
gs_init.ps in Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps.
- debian/patches/CVE-2019-3835-pre2.patch: Undef /odef in
Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps.
- debian/patches/CVE-2019-3835-1.patch: restrict superexec and remove
it in Resource/Init/gs_cet.ps, Resource/Init/gs_dps1.ps,
Resource/Init/gs_fonts.ps, Resource/Init/gs_init.ps,
Resource/Init/gs_ttf.ps, Resource/Init/gs_type1.ps.
- debian/patches/CVE-2019-3835-2.patch: obliterate superexec in
Resource/Init/gs_init.ps, psi/icontext.c, psi/icstate.h,
psi/zcontrol.c, psi/zdict.c, psi/zgeneric.c.
- CVE-2019-3835
* SECURITY UPDATE: forceput in DefineResource is still accessible
- debian/patches/CVE-2019-3838-1.patch: make a transient proc
executeonly in Resource/Init/gs_res.ps.
- debian/patches/CVE-2019-3838-2.patch: an extra transient proc needs
executeonly in Resource/Init/gs_res.ps.
- CVE-2019-3838
-- Marc Deslauriers <email address hidden> Tue, 19 Mar 2019 09:03:15 -0400
-
ghostscript (9.26~dfsg+0-0ubuntu0.18.04.7) bionic-security; urgency=medium
* SECURITY REGRESSION: High RIP_MAX_CACHE makes cups output device fail,
second fix attempt. (LP: #1815339)
- debian/patches/lp1815339.patch: re-enable.
- debian/patches/lp1815339-2.patch: properly map RGBW color space in
cups/gdevcups.c.
-- Marc Deslauriers <email address hidden> Mon, 25 Feb 2019 09:40:07 -0500
-
ghostscript (9.26~dfsg+0-0ubuntu0.18.04.6) bionic-security; urgency=medium
* SECURITY REGRESSION: Ghostscript update causes blue background
(LP: #1817308)
- disable debian/patches/lp1815339.patch
-- Chris Coulson <email address hidden> Sat, 23 Feb 2019 06:52:25 +0100
-
ghostscript (9.26~dfsg+0-0ubuntu0.18.04.5) bionic-security; urgency=medium
* SECURITY REGRESSION: High RIP_MAX_CACHE makes cups output device fail
(LP: #1815339)
- debian/patches/lp1815339.patch: fix logic in cups/gdevcups.c.
* debian/libgs9.symbols: add new symbol missing in previous update.
-- Marc Deslauriers <email address hidden> Wed, 20 Feb 2019 11:45:50 +0100
-
ghostscript (9.26~dfsg+0-0ubuntu0.18.04.4) bionic-security; urgency=medium
* SECURITY UPDATE: code execution vulnerability
- debian/patches/CVE-2019-6116.patch: address .force* operators
exposure in Resource/Init/gs_diskn.ps, Resource/Init/gs_dps1.ps,
Resource/Init/gs_fntem.ps, Resource/Init/gs_fonts.ps,
Resource/Init/gs_init.ps, Resource/Init/gs_lev2.ps,
Resource/Init/gs_pdfwr.ps, Resource/Init/gs_res.ps,
Resource/Init/gs_setpd.ps, Resource/Init/pdf_base.ps,
Resource/Init/pdf_draw.ps, Resource/Init/pdf_font.ps,
Resource/Init/pdf_main.ps, Resource/Init/pdf_ops.ps,
psi/int.mak, psi/interp.c, psi/istack.c, psi/istack.h.
- CVE-2019-6116
-- Marc Deslauriers <email address hidden> Wed, 16 Jan 2019 10:52:35 -0500
-
ghostscript (9.26~dfsg+0-0ubuntu0.18.04.3) bionic-security; urgency=medium
* SECURITY REGRESSION: multiple regressions (LP: #1806517)
- debian/patches/020181126-96c381c*.patch: fix duplex issue.
- debian/patches/020181205-fae21f16*.patch: fix -dFirstPage and
-dLastPage issue.
-- Marc Deslauriers <email address hidden> Thu, 06 Dec 2018 07:17:16 -0500
-
ghostscript (9.26~dfsg+0-0ubuntu0.18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: Updated to 9.26 to fix multiple security issues
- CVE-2018-19409
- CVE-2018-19475
- CVE-2018-19476
- CVE-2018-19477
* Removed patches included in new version:
- debian/patches/0218*.patch
- debian/patches/lp1800062.patch
* debian/libgs9.symbols: updated for new version.
* debian/libgs__VER__-common.maintscript.in: Updated to new version. This
needs to be done every time the xenial package is updated to a new
upstream release.
-- Marc Deslauriers <email address hidden> Wed, 28 Nov 2018 08:15:24 -0500
-
ghostscript (9.25~dfsg+1-0ubuntu0.18.04.2) bionic-security; urgency=medium
* SECURITY UPDATE: Multiple security issues
- debian/patches/0218*.patch: multiple cherry-picked upstream commits
to fix security issues. Thanks to Jonas Smedegaard for cherry-picking
these for Debian's 9.25~dfsg-3 package.
- debian/libgs9.symbols: added new symbol.
- CVE-2018-17961
- CVE-2018-18073
- CVE-2018-18284
* Fix LeadingEdge regression introduced in 9.22. (LP: #1800062)
- debian/patches/lp1800062.patch: fix cups get/put_params LeadingEdge
logic in cups/gdevcups.c.
* Fix iccprofiles directory to symlink issue (LP: #1800328)
- debian/libgs__VER__-common.maintscript.in: make sure directory is
correctly transitioned to a symlink.
-- Marc Deslauriers <email address hidden> Tue, 30 Oct 2018 09:00:57 -0400
-
ghostscript (9.25~dfsg+1-0ubuntu0.18.04.1) bionic-security; urgency=medium
* SECURITY UPDATE: updated to 9.25 to fix multiple security issues
- Previous security release contained an incomplete fix for
CVE-2018-16510, and there are many other security fixes and
improvements that went into the new upstream version without getting
CVE numbers assigned.
- CVE-2018-16510
- CVE-2018-17183
* Packages changes required for new version:
- debian/patches/CVE*: removed, included in new version.
- debian/patches/*: refreshed from cosmic package.
- debian/copyright*: updated from cosmic package.
- debian/libgs9.symbols: updated with new symbols.
-- Marc Deslauriers <email address hidden> Thu, 27 Sep 2018 07:27:17 -0400
-
ghostscript (9.22~dfsg+1-0ubuntu1.2) bionic-security; urgency=medium
* SECURITY UPDATE: Multiple security issues
- debian/patches/CVE-2018-1*.patch: backport large number of
upstream security fixes.
- CVE-2018-15908, CVE-2018-15909, CVE-2018-15910, CVE-2018-15911,
CVE-2018-16509, CVE-2018-16510, CVE-2018-16511, CVE-2018-16513,
CVE-2018-16539, CVE-2018-16540, CVE-2018-16541, CVE-2018-16542,
CVE-2018-16543, CVE-2018-16802
-- Marc Deslauriers <email address hidden> Tue, 11 Sep 2018 08:49:14 -0400
-
ghostscript (9.22~dfsg+1-0ubuntu1.1) bionic-security; urgency=medium
* SECURITY UPDATE: Heap-based buffer overflow and application crash
- debian/patches/CVE-2016-10317.patch: check max_height bounds in
base/gxht_thresh.c, base/gxipixel.c.
- CVE-2016-10317
* SECURITY UPDATE: Denial of service
- debian/patches/CVE-2018-10194.patch: avoid infinite number
in devices/vector/gdevpdts.c.
- CVE-2018-10194
-- <email address hidden> (Leonidas S. Barbosa) Tue, 24 Apr 2018 14:34:45 -0300
-
ghostscript (9.22~dfsg+1-0ubuntu1) bionic; urgency=low
* Merge from Debian unstable. Remaining changes:
+ openjpeg library bundled with upstream Ghostscript/GhostPDL used
instead of the original openjpeg library, as the original library
is not accepted into Ubuntu Main
(https://bugs.launchpad.net/bugs/711061).
* debian/libgs9.symbols: Updated for new upstream source. Applied patch
which dpkg-gensymbols generated.
-- Till Kamppeter <email address hidden> Fri, 23 Feb 2018 21:12:00 +0100
-
ghostscript (9.21~dfsg+1-0ubuntu3) artful; urgency=medium
* SECURITY UPDATE: DoS via crafted files
- debian/patches/CVE-2017-11714.patch: prevent to reloc
a freed object in psi/ztoken.c.
- CVE-2017-11714
* SECURITY UPDATE: DoS in Artifex Ghostscript
- debian/patches/CVE-2017-9611.patch: bounds check pointer in
base/ttinterp.c
- CVE-2017-9611
* SECURITY UPDATE: DoS in Artifex Ghostscript
- debian/patches/CVE-2017-9612.patch: bounds check pointer in
base/ttinterp.c
- CVE-2017-9612
* SECURITY UPDATE: DoS heap-based buffer over-read and crash
- debian/patches/CVE-2017-9726.patch: bounds check zone pointer
in base/ttinterp.c.
- CVE-2017-9726
* SECURITY UPDATE: DoS heap-based buffer over-read and crash
- debian/patches/CVE-2017-9727.patch: make bounds check in
base/gxttfb.c.
- CVE-2017-9727
* SECURITY UPDATE: DoS heap-based buffer over-read and crash
- debian/patches/CVE-2017-9739.patch: bounds check in
base/ttinterp.c.
- CVE-2017-9739
* SECURITY UPDATE: DoS heap-base buffer over-read and crash
- debian/patches/CVE-2017-9835.patch: bounds check the array
allocations methods in base/gsalloc.c.
- CVE-2017-9835
-- <email address hidden> (Leonidas S. Barbosa) Thu, 14 Sep 2017 13:48:36 -0400