ubuntu/+source/ghostscript:applied/ubuntu/zesty

Last commit made on 2016-12-16
Get this branch:
git clone -b applied/ubuntu/zesty https://git.launchpad.net/ubuntu/+source/ghostscript
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name: applied/ubuntu/zesty
Repository: lp:ubuntu/+source/ghostscript

Recent commits

0277cd5... by Emily Ratliff on 2016-12-15

Import patches-applied version 9.19~dfsg+1-0ubuntu7.1 to applied/ubuntu/zesty-proposed

Imported using git-ubuntu import.

Changelog parent: 9554d00244f2b020d91077a8466122dfab86324e
Unapplied parent: d5b8d2ce5402553d13edaeb44258b55347330f38

New changelog entries:
  * SECURITY UPDATE: Information disclosure through getenv, filenameforall
    - debian/patches/CVE-2013-5653.patch: Have filenameforall and getenv
      honor SAFER
    - CVE-2013-5653
  * SECURITY UPDATE: userparams with %pipe% in paths allow remote shell exec
    - debian/patches/CVE-2016-7976.patch: Add a file permissions callback
    - CVE-2016-7976
  * SECURITY UPDATE: use-after-free and remote code execution
    - debian/patches/CVE-2016-7978.patch: Reference count device icc profile
    - CVE-2016-7978
  * SECURITY UPDATE: type confusion allows remote code execution
    - debian/patches/CVE-2016-7979.patch: DSC parser - validate parameters
    - CVE-2016-7979
  * SECURITY UPDATE: NULL dereference
    - debian/patches/CVE-2016-8602.patch: check for sufficient params
    - CVE-2016-8602
  * SECURITY UPDATE: fix SAFER permissions
    - debian/patches/CVE-2016-7977.patch: Be rigorous with SAFER permissions
    - CVE-2016-7977

d5b8d2c... by Emily Ratliff on 2016-12-15

CVE-2016-8602: check for sufficient params in .sethalftone5 and param types

Gbp-Pq: CVE-2016-8602.patch.

f569f95... by Emily Ratliff on 2016-12-15

CVE-2016-7979: type confusion in .initialize_dsc_parser allows remote code execution

Gbp-Pq: CVE-2016-7979.patch.

8ea833b... by Emily Ratliff on 2016-12-15

CVE-2016-7978: reference leak in .setdevice allows use-after-free and remote code execution

Gbp-Pq: CVE-2016-7978.patch.

8393c41... by Emily Ratliff on 2016-12-15

CVE-2016-7977: .libfile doesn't check PermitFileReading array, allowing remote file disclosure

Gbp-Pq: CVE-2016-7977.patch.

c7131d0... by Emily Ratliff on 2016-12-15

CVE-2016-7976: Various userparams allow %pipe% in paths, allowing remote shell command execution

Gbp-Pq: CVE-2016-7976.patch.

28f5418... by Emily Ratliff on 2016-12-15

CVE-2013-5653: Information disclosure through getenv, filenameforall

Gbp-Pq: CVE-2013-5653.patch.

4db4168... by Emily Ratliff on 2016-12-15

Allow the build timestamp to be externally set

Gbp-Pq: 2010_add_build_timestamp_setting.patch.

f8cce17... by Emily Ratliff on 2016-12-15

Mention ghostscript-x effect on default device in docs

Gbp-Pq: 2008_mention_ghostscript-x_in_docs.patch.

2a95a7f... by Emily Ratliff on 2016-12-15

Suggest install of ghostscript-doc in code

Gbp-Pq: 2007_suggest_install_ghostscript-doc_in_code.patch.