-
ghostscript (9.27~dfsg+0-0ubuntu3.1) eoan-security; urgency=medium
* SECURITY UPDATE: '-dSAFER' restrictions bypass by .forceput when
loading fonts
- debian/patches/CVE-2019-14869.patch: remove use of .forceput in
Resource/Init/gs_ttf.ps.
- CVE-2019-14869
-- Marc Deslauriers <email address hidden> Wed, 06 Nov 2019 10:31:56 -0500
-
ghostscript (9.27~dfsg+0-0ubuntu3) eoan; urgency=medium
* SECURITY UPDATE: '-dSAFER' restrictions bypass by .forceput
Exposures
- debian/patches/CVE-2019-14811-CVE-2019-14812-CVE-2019-14813.patch:
Be more defensive by preventing access to .forceput from
.setuserparams2.
- CVE-2019-14811
- CVE-2019-14812
- CVE-2019-14813
- debian/patches/CVE-2019-14817.patch: mark more uses of .forceput
as execteonly
- CVE-2019-14817
-- Steve Beattie <email address hidden> Wed, 11 Sep 2019 12:06:48 -0700
-
ghostscript (9.27~dfsg+0-0ubuntu2) eoan; urgency=medium
* Backported fixes on the "cups" (CUPS Raster/PWG Raster) output
device to improve the matching of the geometry of the incoming
page with the page sizes of the PPD file and also respecting
special page size variants (like borderless) requested by the
user. These changes should be included upstream from Ghostscript
9.29 on.
-- Till Kamppeter <email address hidden> Fri, 30 Aug 2019 12:10:06 +0200
-
ghostscript (9.27~dfsg+0-0ubuntu1) eoan; urgency=medium
* New upstream release
Highlights:
- We have extensively cleaned up the Postscript name space: removing
access to internal and/or undocumented Postscript operators, procedures
and data. This has benefits for security and maintainability.
- Fontmap can now reference invidual fonts in a TrueType Collection for
font subsitution. Previously, a Fontmap entry could only reference a
TrueType collection and use the default (first) font. Now, the Fontmap
syntax allows for specifying a specific index in a TTC. See the comments
at the top of (the default) Fontmap.GS for details.
* Improvements on HTML documentation (Use local JavaScript, avoid remote
fonts, avoid Google Tag Manager) by overtaking the appropriate patches
from the Debian package.
* Backported upstream patch to fix regression resolving bounding box of
font glyphs and re-introduce over/underflow workaround.
* Backported upstream patch to protect use of .forceput with
executeonly.
* Removed patches 02018*, lp1815339*, CVE-2019-* which are already included
upstream.
* Refreshed patch 2007_suggest_install_ghostscript-doc_in_code.patch with
quilt.
* debian/libgs9.symbols: Updated for new upstream source. Applied patch
which dpkg-gensymbols generated.
-- Till Kamppeter <email address hidden> Thu, 15 Aug 2019 21:38:06 +0200
-
ghostscript (9.26~dfsg+0-0ubuntu9) eoan; urgency=medium
* SECURITY UPDATE: `-dSAFER` restrictions bypass
- debian/patches/CVE-2019-10216.patch: protect use of .forceput
with executeonly
- CVE-2019-10216
-- Steve Beattie <email address hidden> Thu, 08 Aug 2019 14:11:53 -0700
-
ghostscript (9.26~dfsg+0-0ubuntu8) eoan; urgency=medium
* SECURITY UPDATE: code execution vulnerability
- debian/patches/CVE-2019-3839-1.patch: hide pdfdict and GS_PDF_ProcSet
in Resource/Init/pdf_base.ps, Resource/Init/pdf_draw.ps,
Resource/Init/pdf_font.ps, Resource/Init/pdf_main.ps,
Resource/Init/pdf_ops.ps, Resource/Init/pdf_sec.ps.
- debian/patches/CVE-2019-3839-2.patch: fix lib/pdf2dsc.ps to use
documented Ghostscript pdf procedures in lib/pdf2dsc.ps.
- CVE-2019-3839
-- Marc Deslauriers <email address hidden> Tue, 07 May 2019 11:28:11 -0400
-
ghostscript (9.26~dfsg+0-0ubuntu7) disco; urgency=medium
* SECURITY UPDATE: superexec operator is available
- debian/patches/CVE-2019-3835-pre1.patch: Have gs_cet.ps run from
gs_init.ps in Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps.
- debian/patches/CVE-2019-3835-pre2.patch: Undef /odef in
Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps.
- debian/patches/CVE-2019-3835-1.patch: restrict superexec and remove
it in Resource/Init/gs_cet.ps, Resource/Init/gs_dps1.ps,
Resource/Init/gs_fonts.ps, Resource/Init/gs_init.ps,
Resource/Init/gs_ttf.ps, Resource/Init/gs_type1.ps.
- debian/patches/CVE-2019-3835-2.patch: obliterate superexec in
Resource/Init/gs_init.ps, psi/icontext.c, psi/icstate.h,
psi/zcontrol.c, psi/zdict.c, psi/zgeneric.c.
- CVE-2019-3835
* SECURITY UPDATE: forceput in DefineResource is still accessible
- debian/patches/CVE-2019-3838-1.patch: make a transient proc
executeonly in Resource/Init/gs_res.ps.
- debian/patches/CVE-2019-3838-2.patch: an extra transient proc needs
executeonly in Resource/Init/gs_res.ps.
- CVE-2019-3838
-- Marc Deslauriers <email address hidden> Thu, 21 Mar 2019 13:15:30 -0400