ubuntu/+source/ghostscript:applied/ubuntu/lucid-updates

Last commit made on 2015-01-26
Get this branch:
git clone -b applied/ubuntu/lucid-updates https://git.launchpad.net/ubuntu/+source/ghostscript
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
applied/ubuntu/lucid-updates
Repository:
lp:ubuntu/+source/ghostscript

Recent commits

bf79e8e... by Marc Deslauriers on 2015-01-22

Import patches-applied version 8.71.dfsg.1-0ubuntu5.7 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 4575c278203720343976dd13237581a6395fedbf
Unapplied parent: 5ddedb9b06350c57231f43b35665dd3e93256711

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted ICC color profile
    - debian/patches/CVE-2014-8137.dpatch: prevent double-free in
      jasper/src/libjasper/base/jas_icc.c, remove assert in
      jasper/src/libjasper/jp2/jp2_dec.c.
    - CVE-2014-8137
  * SECURITY UPDATE: denial of service or code execution via invalid
    channel number
    - debian/patches/CVE-2014-8138.dpatch: validate channel number in
      jasper/src/libjasper/jp2/jp2_dec.c.
    - CVE-2014-8138
  * SECURITY UPDATE: denial of service or code execution via off-by-one
    - debian/patches/CVE-2014-8157.dpatch: fix off-by-one in
      jasper/src/libjasper/jpc/jpc_dec.c.
    - CVE-2014-8157
  * SECURITY UPDATE: denial of service or code execution via memory
    corruption
    - debian/patches/CVE-2014-8158.dpatch: remove HAVE_VLA to use more
      sensible buffer sizes in jasper/src/libjasper/jpc/jpc_qmfb.c.
    - CVE-2014-8158

5ddedb9... by Marc Deslauriers on 2015-01-22

Import patches-unapplied version 8.71.dfsg.1-0ubuntu5.7 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: e786b631ec0db8f34f47dc70a1957273153dc5ec

New changelog entries:
  * SECURITY UPDATE: denial of service via crafted ICC color profile
    - debian/patches/CVE-2014-8137.dpatch: prevent double-free in
      jasper/src/libjasper/base/jas_icc.c, remove assert in
      jasper/src/libjasper/jp2/jp2_dec.c.
    - CVE-2014-8137
  * SECURITY UPDATE: denial of service or code execution via invalid
    channel number
    - debian/patches/CVE-2014-8138.dpatch: validate channel number in
      jasper/src/libjasper/jp2/jp2_dec.c.
    - CVE-2014-8138
  * SECURITY UPDATE: denial of service or code execution via off-by-one
    - debian/patches/CVE-2014-8157.dpatch: fix off-by-one in
      jasper/src/libjasper/jpc/jpc_dec.c.
    - CVE-2014-8157
  * SECURITY UPDATE: denial of service or code execution via memory
    corruption
    - debian/patches/CVE-2014-8158.dpatch: remove HAVE_VLA to use more
      sensible buffer sizes in jasper/src/libjasper/jpc/jpc_qmfb.c.
    - CVE-2014-8158

4575c27... by Marc Deslauriers on 2014-12-05

Import patches-applied version 8.71.dfsg.1-0ubuntu5.6 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: f67fef3131fb2a973081f0887766c2771c2261ad
Unapplied parent: e786b631ec0db8f34f47dc70a1957273153dc5ec

New changelog entries:
  * SECURITY UPDATE: heap overflows via crafted jp2 file
    - debian/patches/CVE-2014-9029.dpatch: fix off-by-one in
      jasper/src/libjasper/jpc/jpc_dec.c.
    - CVE-2014-9029

e786b63... by Marc Deslauriers on 2014-12-05

Import patches-unapplied version 8.71.dfsg.1-0ubuntu5.6 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 8d773195f9ad657ae366d914a2f518f41544878f

New changelog entries:
  * SECURITY UPDATE: heap overflows via crafted jp2 file
    - debian/patches/CVE-2014-9029.dpatch: fix off-by-one in
      jasper/src/libjasper/jpc/jpc_dec.c.
    - CVE-2014-9029

f67fef3... by Marc Deslauriers on 2012-09-21

Import patches-applied version 8.71.dfsg.1-0ubuntu5.5 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: c128ab8a01b42ff8025e45351e0772f6d8a3e9d7
Unapplied parent: 8d773195f9ad657ae366d914a2f518f41544878f

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    icclib overflow
    - debian/patches/CVE-2012-4405.dpatch: validate input channels in
      icclib/icc.c.
    - CVE-2012-4405

8d77319... by Marc Deslauriers on 2012-09-21

Import patches-unapplied version 8.71.dfsg.1-0ubuntu5.5 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: ad5d8fc9d812dd5208b21c4afa2921964be82f74

New changelog entries:
  * SECURITY UPDATE: denial of service and possible code execution via
    icclib overflow
    - debian/patches/CVE-2012-4405.dpatch: validate input channels in
      icclib/icc.c.
    - CVE-2012-4405

c128ab8... by Marc Deslauriers on 2011-12-20

Import patches-applied version 8.71.dfsg.1-0ubuntu5.4 to applied/ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: a832ce97945a8bf5c8f60002a791af48fa62ad2e
Unapplied parent: ad5d8fc9d812dd5208b21c4afa2921964be82f74

New changelog entries:
  * SECURITY UPDATE: integer overflows via integer multiplication for
    memory allocation
    - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
      allocation functions and use them in:
      * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
        jas_malloc.c,jas_seq.c}
      * jasper/src/libjasper/bmp/bmp_dec.c
      * jasper/src/libjasper/include/jasper/jas_malloc.h
      * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
      * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
        jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
        jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
      * jasper/src/libjasper/mif/mif_cod.c
    - CVE-2008-3520
  * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
    - debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
      jasper/src/libjasper/base/jas_stream.c
    - CVE-2008-3522
  * SECURITY UPDATE: denial of service and possible code execution via
    heap-based buffer overflows.
    - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls
      and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
    - CVE-2011-4516
    - CVE-2011-4517

ad5d8fc... by Marc Deslauriers on 2011-12-20

Import patches-unapplied version 8.71.dfsg.1-0ubuntu5.4 to ubuntu/lucid-security

Imported using git-ubuntu import.

Changelog parent: 0a5ddce63d2833254ab84e31f34b0de4c4861107

New changelog entries:
  * SECURITY UPDATE: integer overflows via integer multiplication for
    memory allocation
    - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
      allocation functions and use them in:
      * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
        jas_malloc.c,jas_seq.c}
      * jasper/src/libjasper/bmp/bmp_dec.c
      * jasper/src/libjasper/include/jasper/jas_malloc.h
      * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
      * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
        jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
        jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
      * jasper/src/libjasper/mif/mif_cod.c
    - CVE-2008-3520
  * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
    - debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
      jasper/src/libjasper/base/jas_stream.c
    - CVE-2008-3522
  * SECURITY UPDATE: denial of service and possible code execution via
    heap-based buffer overflows.
    - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls
      and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
    - CVE-2011-4516
    - CVE-2011-4517

a832ce9... by Till Kamppeter on 2010-07-19

Import patches-applied version 8.71.dfsg.1-0ubuntu5.3 to applied/ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 7fce2efc4c70a7e84dd36650f7ef6e72a816c7d4
Unapplied parent: 0a5ddce63d2833254ab84e31f34b0de4c4861107

New changelog entries:
  * debian/patches/ps2pdf-hyperlinks.dpatch: Let ps2pdf create proper hyperlinks
    (LP: #583990, upstream bug #691344).

0a5ddce... by Till Kamppeter on 2010-07-19

Import patches-unapplied version 8.71.dfsg.1-0ubuntu5.3 to ubuntu/lucid-proposed

Imported using git-ubuntu import.

Changelog parent: 175237e5193723a1b704b0b249f325bc3fe5bf2f

New changelog entries:
  * debian/patches/ps2pdf-hyperlinks.dpatch: Let ps2pdf create proper hyperlinks
    (LP: #583990, upstream bug #691344).