lp:ubuntu/jaunty-security/ghostscript

Created by James Westby on 2010-07-13 and last modified on 2010-07-13
Get this branch:
bzr branch lp:ubuntu/jaunty-security/ghostscript

Branch information

Owner:
Ubuntu branches
Review team:
Ubuntu Development Team
Status:
Mature

Recent revisions

51. By Marc Deslauriers on 2010-07-12

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in errprintf function
  - debian/patches/CVE-2009-4270.dpatch: use vsnprintf in base/gsmisc.c.
  - CVE-2009-4270
* SECURITY UPDATE: arbitrary code execution via unlimited recursive
  procedure invocations (LP: #546009)
  - debian/patches/CVE-2010-1628.dpatch: only initialize structures if
    all allocations were successful in psi/ialloc.c, psi/idosave.h,
    psi/isave.c.
  - CVE-2010-1628
* SECURITY UPDATE: arbitrary code execution via crafted PostScript file
  (LP: #546009)
  - debian/patches/CVE-2010-1869.dpatch: use correct buffer sizes in
    psi/int.mak, psi/iscan.c, psi/iscan.h.
  - CVE-2010-1869
* SECURITY UPDATE: arbitrary code execution via long names
  - debian/patches/security-long-names.dpatch: check against maximum size
    in psi/iscan.c.
  - No CVE number yet.

50. By Marc Deslauriers on 2009-04-09

* SECURITY UPDATE: possible arbitrary code execution via JBIG2 symbol
  dictionary segments
  - debian/patches/41_CVE-2009-0196.dpatch: validate size of runlength
    in export symbol table in jbig2dec/jbig2_symbol_dict.c.
  - CVE-2009-0196
* SECURITY UPDATE: denial of service and possible arbitrary code
  execution via integer overflows in icclib
  - debian/patches/42_CVE-2009-0792.dpatch: fix numerous overflows in
    icclib/icc.c.
  - CVE-2009-0792

49. By Till Kamppeter on 2009-04-05

debian/patches/40_pdfwrite-numcopies.dpatch: PDF output device of
Ghostscript did not take into account /#copies or /NumCopies in the
PostScript input, which made some applications, like OpenOffice.org
print only one copy also if more than one copy is requested. Now
Ghostscript prints multiple copies with "pdfwrite" if it is called
with "-dDoNumCopies" (LP: #320391, upstream bug #690355).

48. By Marc Deslauriers on 2009-03-27

* SECURITY UPDATE: Arbitrary code execution due to integer overflows and
  insufficient upper-bounds checks in the ICC library
  - debian/patches/38_CVE-2009-0583_0584.dpatch: fix multiple integer
    overflows and perform bounds checking in icclib/icc.c.
  - CVE-2009-0583
  - CVE-2009-0584

47. By Till Kamppeter on 2009-03-25

debian/patches/00list: Really apply the patch for LP: #333429.

46. By Till Kamppeter on 2009-03-19

debian/local/apport-hook.py, debian/rules: Added apport hook (LP: #338442).

45. By Till Kamppeter on 2009-02-18

debian/patches/35_bitcmyk-blank-output.dpatch: The bitcmyk output device
produces zero length output (LP: #331127, upstream bug #690287).

44. By Till Kamppeter on 2009-02-03

New upstream release (Ghostscript 8.64 final release)
o No functional change. This is only to let the final release not
appear as a release candidate in the help output and documentation.

43. By Till Kamppeter on 2009-02-02

New upstream release (SVN rev 9432, RC3)
o Fix regression of X output being broken with large images or other
cases of the image buffer being used (Upstream bug #690222, #690260).
o Fixed the bbox output device for example3.ps in LP: #160203.

42. By Till Kamppeter on 2009-01-28

New upstream release
o Fix problem of X display not completely clearing the previous page
before drawing the next page (Upstream bug #690255).

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
lp:ubuntu/maverick/ghostscript