-
ghostscript (9.50~dfsg-5ubuntu4.11) focal-security; urgency=medium
* SECURITY UPDATE: code execution via PS documents and IJS device
- debian/patches/CVE-2023-43115.patch: prevent PostScript programs
switching to the IJS device after SAFER has been activated in
devices/gdevijs.c.
- CVE-2023-43115
-- Marc Deslauriers <email address hidden> Thu, 12 Oct 2023 09:06:46 -0400
-
ghostscript (9.50~dfsg-5ubuntu4.10) focal-security; urgency=medium
* SECURITY UPDATE: Divide By Zero
- debian/patches/CVE-2020-21710-1.patch: add a zero check for
bytes_per_space before using it for division in eps_print_page() in
devices/gdevepsn.c.
- debian/patches/CVE-2020-21710-2.patch: add a zero check for
bytes_per_space before using it for division in epsc_print_page() in
devices/gdevepsc.c
- CVE-2020-21710
* SECURITY UPDATE: Out-of-Bounds Write
- debian/patches/CVE-2020-21890-pre.patch: add the float res assignment
in clj_get_params() in devices/gdevclj.c.
- debian/patches/CVE-2020-21890.patch: change the variable for division
to use res instead of fres.data that could be uninitialized, in
clj_media_size() in devices/gdevclj.c.
- CVE-2020-21890
-- Rodrigo Figueiredo Zaiden <email address hidden> Tue, 12 Sep 2023 11:40:34 -0300
-
ghostscript (9.50~dfsg-5ubuntu4.9) focal-security; urgency=medium
* SECURITY UPDATE: buffer overflow
- debian/patches/CVE-2023-38559.patch: bounds check the buffer prior to
deferencing the pointer in devn_pcx_write_rle() in base/gdevdevn.c.
- CVE-2023-38559
-- Allen Huang <email address hidden> Tue, 15 Aug 2023 11:17:37 +0100
-
ghostscript (9.50~dfsg-5ubuntu4.8) focal-security; urgency=medium
* SECURITY UPDATE: incorrect permission validation for pipe devices
- debian/patches/CVE-2023-36664-pre1.patch: improve handling of current
directory permissions in base/gpmisc.c.
- debian/patches/CVE-2023-36664-pre2.patch: fix gp_file allocations to
use thread_safe_memory in base/gpmisc.c.
- debian/patches/CVE-2023-36664-1.patch: don't reduce pipe file names
for permission validation in base/gpmisc.c, base/gslibctx.c.
- debian/patches/CVE-2023-36664-2.patch: fix logic and add extra test
in base/gpmisc.c, base/gslibctx.c.
- CVE-2023-36664
-- Marc Deslauriers <email address hidden> Wed, 05 Jul 2023 12:56:27 -0400
-
ghostscript (9.50~dfsg-5ubuntu4.7) focal-security; urgency=medium
* SECURITY UPDATE: Buffer Overflow
- debian/patches/CVE-2023-28879.patch: add check to make sure that the
buffer has space for two characters in s_xBCPE_process() in base/sbcp.c.
- CVE-2023-28879
-- Rodrigo Figueiredo Zaiden <email address hidden> Thu, 13 Apr 2023 10:48:39 -0300
-
ghostscript (9.50~dfsg-5ubuntu4.6) focal-security; urgency=medium
* SECURITY UPDATE: heap-based buffer overflow in lp8000_print_page()
- debian/patches/CVE-2020-27792.patch: fixed output buffer size worst
case in devices/gdevlp8k.c.
- CVE-2020-27792
-- Marc Deslauriers <email address hidden> Mon, 26 Sep 2022 10:40:09 -0400
-
ghostscript (9.50~dfsg-5ubuntu4.5) focal-security; urgency=medium
* SECURITY UPDATE: use-after-free in sampled_data_sample
- debian/patches/CVE-2021-45944.patch: check stack limits after
function evaluation in psi/zfsample.c.
- CVE-2021-45944
* SECURITY UPDATE: heap-based buffer overflow in sampled_data_finish
- debian/patches/CVE-2021-45949.patch: fix op stack management in
psi/zfsample.c.
- CVE-2021-45949
-- Marc Deslauriers <email address hidden> Tue, 11 Jan 2022 09:22:11 -0500
-
ghostscript (9.50~dfsg-5ubuntu4.4) focal; urgency=medium
* debian/patches/2021_fix-double-hyphen-option.patch: Fix bug
where using '--' command line syntax fails to read input files
(LP: #1913656)
-- William 'jawn-smith' Wilson <email address hidden> Thu, 14 Oct 2021 15:32:37 -0500
-
ghostscript (9.50~dfsg-5ubuntu4.3) focal-security; urgency=medium
* SECURITY UPDATE: Trivial -dSAFER bypass
- debian/patches/CVE-2021-3781-pre1.patch: handle format strings in
pipe OutputFiles in base/gslibctx.c.
- debian/patches/CVE-2021-3781-pre2.patch: fix pdfwrite "%d" mode with
file permissions in base/gsdevice.c, base/gslibctx.c.
- debian/patches/CVE-2021-3781-pre3.patch: move "break" to correct
place in base/gslibctx.c.
- debian/patches/CVE-2021-3781.patch: include device specifier strings
in access validation in base/gdevpipe.c, base/gp_mshdl.c,
base/gp_msprn.c, base/gp_os2pr.c, base/gslibctx.c.
- CVE-2021-3781
-- Marc Deslauriers <email address hidden> Thu, 09 Sep 2021 09:34:31 -0400
-
ghostscript (9.50~dfsg-5ubuntu4.2) focal-security; urgency=medium
* SECURITY UPDATE: Multiple security issues
- debian/patches/CVE-2020-16*.patch: backport multiple upstream commits
to fix various security issues.
- CVE-2020-16287, CVE-2020-16288, CVE-2020-16289, CVE-2020-16290,
CVE-2020-16291, CVE-2020-16292, CVE-2020-16293, CVE-2020-16294,
CVE-2020-16295, CVE-2020-16296, CVE-2020-16297, CVE-2020-16298,
CVE-2020-16299, CVE-2020-16300, CVE-2020-16301, CVE-2020-16302,
CVE-2020-16303, CVE-2020-16304, CVE-2020-16305, CVE-2020-16306,
CVE-2020-16307, CVE-2020-16308, CVE-2020-16309, CVE-2020-16310,
CVE-2020-17538
-- Marc Deslauriers <email address hidden> Fri, 21 Aug 2020 12:57:00 -0400
-
ghostscript (9.50~dfsg-5ubuntu4.1) focal-security; urgency=medium
* SECURITY UPDATE: memory corruption issue via non-standard PS operator
- debian/patches/CVE-2020-15900.patch: fix calculation in
psi/zstring.c.
- CVE-2020-15900
-- Marc Deslauriers <email address hidden> Fri, 31 Jul 2020 14:14:30 -0400
-
ghostscript (9.50~dfsg-5ubuntu4) focal; urgency=medium
* Re-introduced exception rule for building with only -O2 instead
of -O3 on ppc64el again, as the gcc fix was taken back due to a regression
(see also LP: #1862053).
-- Till Kamppeter <email address hidden> Mon, 30 Feb 2020 15:50:58 +0200
-
ghostscript (9.50~dfsg-5ubuntu3) focal; urgency=medium
* Remove the ppc64el -O3 workaround.
-- Matthias Klose <email address hidden> Sat, 22 Feb 2020 08:57:25 +0100
-
ghostscript (9.50~dfsg-5ubuntu2) focal; urgency=medium
* 020191122~8fa4886.patch: Fixed CMY (and YMC) output of "cups" and
"pwgraster" output devices (Upstream bug #701625 and #702133).
-- Till Kamppeter <email address hidden> Mon, 17 Feb 2020 19:03:58 +0100
-
ghostscript (9.50~dfsg-5ubuntu1) focal; urgency=medium
* Re-introduced exception rule for building with only -O2 instead
of -O3 on ppc64el (see also LP: #1862053).
-- Till Kamppeter <email address hidden> Fri, 7 Feb 2020 19:09:58 +0100
-
ghostscript (9.50~dfsg-5) unstable; urgency=medium
* add patch cherry-picked upstream
to add 'omitEOD' flag to RLE compressor and use for PXL;
closes: bug#941864,
thanks to Agustin Martin and Johannes Stezenbach
-- Jonas Smedegaard <email address hidden> Wed, 27 Nov 2019 20:15:08 +0100
-
ghostscript (9.27~dfsg+0-0ubuntu4) focal; urgency=medium
* SECURITY UPDATE: '-dSAFER' restrictions bypass by .forceput when
loading fonts
- debian/patches/CVE-2019-14869.patch: remove use of .forceput in
Resource/Init/gs_ttf.ps.
- CVE-2019-14869
-- Marc Deslauriers <email address hidden> Wed, 06 Nov 2019 10:31:56 -0500
-
ghostscript (9.27~dfsg+0-0ubuntu3) eoan; urgency=medium
* SECURITY UPDATE: '-dSAFER' restrictions bypass by .forceput
Exposures
- debian/patches/CVE-2019-14811-CVE-2019-14812-CVE-2019-14813.patch:
Be more defensive by preventing access to .forceput from
.setuserparams2.
- CVE-2019-14811
- CVE-2019-14812
- CVE-2019-14813
- debian/patches/CVE-2019-14817.patch: mark more uses of .forceput
as execteonly
- CVE-2019-14817
-- Steve Beattie <email address hidden> Wed, 11 Sep 2019 12:06:48 -0700