Ubuntu
ghostscript package

lp:ubuntu/hardy-security/ghostscript

  1. Hardy (8.04)
  2. hardy-security
Created by James Westby and last modified
Get this branch:
bzr branch lp:ubuntu/hardy-security/ghostscript
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

28. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible code execution via
  icclib overflow
  - debian/patches/CVE-2012-4405.dpatch: validate input channels in
    icclib/icc.c.
  - CVE-2012-4405

27. By Marc Deslauriers

* SECURITY UPDATE: integer overflows via integer multiplication for
  memory allocation
  - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
    allocation functions and use them in:
    * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
      jas_malloc.c,jas_seq.c}
    * jasper/src/libjasper/bmp/bmp_dec.c
    * jasper/src/libjasper/include/jasper/jas_malloc.h
    * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
    * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
      jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
      jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
    * jasper/src/libjasper/mif/mif_cod.c
  - CVE-2008-3520
* SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
  - debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
    jasper/src/libjasper/base/jas_stream.c
  - CVE-2008-3522
* SECURITY UPDATE: arbitrary code execution or denial of service via
  off-by-one in TrueType interpreter.
  - debian/patches/CVE-2009-3743.dpatch: check for null in src/ttinterp.c.
  - CVE-2009-3743
* SECURITY UPDATE: denial of service via crafted font data
  - debian/patches/CVE-2010-4054.dpatch: check for null pointers in
    src/{gsgdata.c,gstype1.c,gstype2.c,gxtype1.c}.
  - CVE-2010-4054
* SECURITY UPDATE: denial of service and possible code execution via
  heap-based buffer overflows.
  - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls
    and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
  - CVE-2011-4516
  - CVE-2011-4517

26. By Marc Deslauriers

* SECURITY UPDATE: arbitrary code execution via unlimited recursive
  procedure invocations (LP: #546009)
  - debian/patches/CVE-2010-1628.dpatch: only initialize structures if
    all allocations were successful in src/ialloc.c, src/idosave.h,
    src/isave.c.
  - CVE-2010-1628
* SECURITY UPDATE: arbitrary code execution via crafted PostScript file
  (LP: #546009)
  - debian/patches/CVE-2010-1869.dpatch: use correct buffer sizes in
    src/int.mak, src/iscan.c, src/iscan.h.
  - CVE-2010-1869
* SECURITY UPDATE: arbitrary code execution via long names
  - debian/patches/security-long-names.dpatch: check against maximum size
    in psi/iscan.c.
  - No CVE number yet.

25. By Marc Deslauriers

* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via buffer underflow in the CCITTFax decoding filter
  - debian/patches/33_CVE-2007-6725.dpatch: work around the buffer
    underflow in src/scfd.c.
  - CVE-2007-6725
* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via BaseFont writer module
  - debian/patches/34_CVE-2008-6679.dpatch: increase size of buffer in
    src/gdevpdtb.c.
  - CVE-2008-6679
* SECURITY UPDATE: possible arbitrary code execution via JBIG2 symbol
  dictionary segments
  - debian/patches/35_CVE-2009-0196.dpatch: validate size of runlength
    in export symbol table in jbig2dec/jbig2_symbol_dict.c.
  - CVE-2009-0196
* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via integer overflows in icclib
  - debian/patches/36_CVE-2009-0792.dpatch: fix numerous overflows in
    icclib/icc.c.
  - CVE-2009-0792

24. By Marc Deslauriers

* SECURITY UPDATE: Arbitrary code execution due to integer overflows and
  insufficient upper-bounds checks in the ICC library
  - debian/patches/32_CVE-2009-0583_0584.dpatch: fix multiple integer
    overflows and perform bounds checking in icclib/icc.c.
  - CVE-2009-0583
  - CVE-2009-0584

23. By Jamie Strandboge

* SECURITY UPDATE: buffer overflow in color space handling code
* debian/patches/31_CVE-2008-0411.dpatch: fix zseticcspace() to perform
  range checks
* References
  CVE-2008-0411

22. By Jonathan Riddell

Fix debian/libgs8.shlibs for ubuntu version number

21. By Till Kamppeter

* Merge from debian unstable, remaining changes:
  - gs-esp and gs-common depend only on ghostscript, not on ghostscript-x,
    as gs-esp had already split off gs-esp-x in Ubuntu
  - Updated the KRGB patch from HP to the newest upstream version with
    added checks for null forward device in the graphic procedures to fix
    segfault bug LP: #69905 and corrected "force banding" code in gsijs_open
    for small images (IE: hagaki in landscape).

20. By Martin Pitt

debian/rules: Do not ship README.gz in ghostscript, it collides with
ghostscript-doc. (LP: #185602, Debian #460692)

19. By Till Kamppeter

debian/patches/09_ijs_krgb_support.dpatch: Updated the KRGB patch from
HP to the newest upstream version with added checks for null forward
device in the graphic procedures to fix segfault bug LP: #69905 and
corrected "force banding" code in gsijs_open for small images (IE:
hagaki in landscape).

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/karmic/ghostscript
This branch contains Public information 
Everyone can see this information.

Subscribers