lp:ubuntu/lucid-updates/ghostscript
- Get this branch:
- bzr branch lp:ubuntu/lucid-updates/ghostscript
Recent revisions
- 73. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service via crafted ICC color profile
- debian/patches/CVE-2014-8137.dpatch: prevent double-free in
jasper/src/libjasper/base/jas_icc.c, remove assert in
jasper/src/libjasper/jp2/jp2_dec.c.
- CVE-2014-8137
* SECURITY UPDATE: denial of service or code execution via invalid
channel number
- debian/patches/CVE-2014-8138.dpatch: validate channel number in
jasper/src/libjasper/jp2/jp2_dec.c.
- CVE-2014-8138
* SECURITY UPDATE: denial of service or code execution via off-by-one
- debian/patches/CVE-2014-8157.dpatch: fix off-by-one in
jasper/src/libjasper/jpc/jpc_dec.c.
- CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
corruption
- debian/patches/CVE-2014-8158.dpatch: remove HAVE_VLA to use more
sensible buffer sizes in jasper/src/libjasper/jpc/jpc_qmfb.c.
- CVE-2014-8158
- 72. By Marc Deslauriers
-
* SECURITY UPDATE: heap overflows via crafted jp2 file
- debian/patches/CVE-2014-9029.dpatch: fix off-by-one in
jasper/src/libjasper/jpc/jpc_dec.c.
- CVE-2014-9029
- 71. By Marc Deslauriers
-
* SECURITY UPDATE: denial of service and possible code execution via
icclib overflow
- debian/patches/CVE-2012-4405.dpatch: validate input channels in
icclib/icc.c.
- CVE-2012-4405
- 70. By Marc Deslauriers
-
* SECURITY UPDATE: integer overflows via integer multiplication for
memory allocation
- debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
allocation functions and use them in:
* jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
jas_malloc.c,jas_seq.c}
* jasper/src/libjasper/bmp/bmp_dec.c
* jasper/src/libjasper/include/jasper/jas_malloc.h
* jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
* jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
* jasper/src/libjasper/mif/mif_cod.c
- CVE-2008-3520
* SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
- debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
jasper/src/libjasper/base/jas_stream.c
- CVE-2008-3522
* SECURITY UPDATE: denial of service and possible code execution via
heap-based buffer overflows.
- debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls
and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
- CVE-2011-4516
- CVE-2011-4517
- 69. By Marc Deslauriers
-
* SECURITY UPDATE: arbitrary code execution via unlimited recursive
procedure invocations (LP: #546009)
- debian/patches/CVE-2010-1628.dpatch: only initialize structures if
all allocations were successful in psi/ialloc.c, psi/idosave.h,
psi/isave.c.
- CVE-2010-1628
- 67. By Till Kamppeter
-
debian/patches/cups-raster-error-out-without-segfault-and-force-banding.dpatch:
Make the "cups" output device (CUPS Raster) error out correctly without
causing segfaults and also force banding mode as some PDFs do not render
otherwise (LP: #534525).
- 66. By Till Kamppeter
-
* debian/patches/pdftoraster-wait-for-ghostscript.dpatch: pdftoraster exited
already before its Ghostscript subprocess finished. Thanks to Tim Waugh
from Red Hat for the fix.
* debian/patches/cups-raster-fix-memory-reallocation.dpatch: Fixed bug
in memory reallocation on bitmap size changes. Color depth was not
taken into account. This caused black pages to be printed with some
CUPS Raster drivers, like Turboprint. Fixes upstream bugs #691029 and
#691108.
* debian/patches/fix-broken-korean-example.dpatch: Fixed example file for
rendering Korean text.
- 65. By Till Kamppeter
-
no-cant-refill-scanner-input-buffer-error.dpatch: Ghostscript errored out
when getting fed with the Ubuntu test page
(/usr/share/system-config-printer/testpage-a4.ps) on stdin giving a
"Can't refill scanner input buffer" error. (Upstream bugs #691137,
#690909).
- 64. By Till Kamppeter
-
* New upstream release
o libtiff-based tiff file output
o New "tiffsep1" output device produces halftoned separations at 1 bit
per pixel
o Improved FreeType-based font rasterizing (not yet used as default)
o Improved graphics library for vector graphics conversions
o Many bug fixes on the PCL-XL printer drivers ("pxlmono", "pxlcolor")
o Fixes on back side handling for duplex printing in the CUPS Raster
output device ("cups").
* debian/patches/gs-cups-rgb-gamma.dpatch,
debian/patches/cljet5-mediasize-fix.dpatch,
debian/patches/pxl-driver-fixes.dpatch,
debian/patches/gs-cups-fix-backside-on-duplex-jobs.dpatch: Removed patches
backported from upstream.
* debian/patches/fix-build-of-executables.dpatch: Fix build of the "gs"
executable, it was built as a shared library and not as an executable.
This led to an immediate segfault even before "main()" got called.
Thanks to Robin Watts from Ghostscript for the quick fix.
* debian/control: Added build dependency on libtiff-dev.
* debian/ghostscript.links: s/8.70/8.71/
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/maverick/ghostscript