ghostscript 8.61.dfsg.1-1ubuntu3.4 source package in Ubuntu
Changelog
ghostscript (8.61.dfsg.1-1ubuntu3.4) hardy-security; urgency=low
* SECURITY UPDATE: integer overflows via integer multiplication for
memory allocation
- debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
allocation functions and use them in:
* jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
jas_malloc.c,jas_seq.c}
* jasper/src/libjasper/bmp/bmp_dec.c
* jasper/src/libjasper/include/jasper/jas_malloc.h
* jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
* jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
* jasper/src/libjasper/mif/mif_cod.c
- CVE-2008-3520
* SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
- debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
jasper/src/libjasper/base/jas_stream.c
- CVE-2008-3522
* SECURITY UPDATE: arbitrary code execution or denial of service via
off-by-one in TrueType interpreter.
- debian/patches/CVE-2009-3743.dpatch: check for null in src/ttinterp.c.
- CVE-2009-3743
* SECURITY UPDATE: denial of service via crafted font data
- debian/patches/CVE-2010-4054.dpatch: check for null pointers in
src/{gsgdata.c,gstype1.c,gstype2.c,gxtype1.c}.
- CVE-2010-4054
* SECURITY UPDATE: denial of service and possible code execution via
heap-based buffer overflows.
- debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls
and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
- CVE-2011-4516
- CVE-2011-4517
-- Marc Deslauriers <email address hidden> Tue, 20 Dec 2011 16:01:14 -0500
Upload details
- Uploaded by:
- Marc Deslauriers
- Uploaded to:
- Hardy
- Original maintainer:
- Ubuntu Developers
- Architectures:
- any
- Section:
- text
- Urgency:
- Low Urgency
See full publishing history Publishing
| Series | Published | Component | Section |
|---|
Downloads
| File | Size | SHA-256 Checksum |
|---|---|---|
| ghostscript_8.61.dfsg.1.orig.tar.gz | 11.6 MiB | 4ac4ccf7a6eeaa74f5d307382cd75b43b86cfbe1831f2aca99e1947fd44ca1fc |
| ghostscript_8.61.dfsg.1-1ubuntu3.4.diff.gz | 118.6 KiB | 0869d073cc687c1c600bc64165b13db3b4ff16363a4fbf0aba0aee6e37be4ace |
| ghostscript_8.61.dfsg.1-1ubuntu3.4.dsc | 1.8 KiB | d7b57d23dcd8bfaffc0216839621c41f3df6bc42ff10eecb979e270ed0832ba0 |
Available diffs
Binary packages built by this source
- ghostscript: No summary available for ghostscript in ubuntu hardy.
No description available for ghostscript in ubuntu hardy.
- ghostscript-doc: No summary available for ghostscript-doc in ubuntu hardy.
No description available for ghostscript-doc in ubuntu hardy.
- ghostscript-x: No summary available for ghostscript-x in ubuntu hardy.
No description available for ghostscript-x in ubuntu hardy.
- gs: No summary available for gs in ubuntu hardy.
No description available for gs in ubuntu hardy.
- gs-aladdin: No summary available for gs-aladdin in ubuntu hardy.
No description available for gs-aladdin in ubuntu hardy.
- gs-common: No summary available for gs-common in ubuntu hardy.
No description available for gs-common in ubuntu hardy.
- gs-esp: No summary available for gs-esp in ubuntu hardy.
No description available for gs-esp in ubuntu hardy.
- gs-esp-x: No summary available for gs-esp-x in ubuntu hardy.
No description available for gs-esp-x in ubuntu hardy.
- gs-gpl: No summary available for gs-gpl in ubuntu hardy.
No description available for gs-gpl in ubuntu hardy.
- libgs-dev: No summary available for libgs-dev in ubuntu hardy.
No description available for libgs-dev in ubuntu hardy.
- libgs-esp-dev: No summary available for libgs-esp-dev in ubuntu hardy.
No description available for libgs-esp-dev in ubuntu hardy.
- libgs8: No summary available for libgs8 in ubuntu hardy.
No description available for libgs8 in ubuntu hardy.
