ghostscript (8.71.dfsg.1-0ubuntu5.4) lucid-security; urgency=low
* SECURITY UPDATE: integer overflows via integer multiplication for
memory allocation
- debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
allocation functions and use them in:
* jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
jas_malloc.c,jas_seq.c}
* jasper/src/libjasper/bmp/bmp_dec.c
* jasper/src/libjasper/include/jasper/jas_malloc.h
* jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
* jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
* jasper/src/libjasper/mif/mif_cod.c
- CVE-2008-3520
* SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
- debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
jasper/src/libjasper/base/jas_stream.c
- CVE-2008-3522
* SECURITY UPDATE: denial of service and possible code execution via
heap-based buffer overflows.
- debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls
and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
- CVE-2011-4516
- CVE-2011-4517
Date: Tue, 20 Dec 2011 15:44:19 -0500
Changed-By: Marc Deslauriers <[email protected]>
Maintainer: Ubuntu Developers <[email protected]>
https://launchpad.net/ubuntu/lucid/+source/ghostscript/8.71.dfsg.1-0ubuntu5.4
Format: 1.8
Date: Tue, 20 Dec 2011 15:44:19 -0500
Source: ghostscript
Binary: ghostscript gs gs-esp gs-gpl gs-aladdin gs-common ghostscript-cups
ghostscript-x gs-esp-x ghostscript-doc libgs8 libgs-dev libgs-esp-dev
Architecture: source
Version: 8.71.dfsg.1-0ubuntu5.4
Distribution: lucid-security
Urgency: low
Maintainer: Ubuntu Developers <[email protected]>
Changed-By: Marc Deslauriers <[email protected]>
Description:
ghostscript - The GPL Ghostscript PostScript/PDF interpreter
ghostscript-cups - The GPL Ghostscript PostScript/PDF interpreter - CUPS
filters
ghostscript-doc - The GPL Ghostscript PostScript/PDF interpreter -
Documentation
ghostscript-x - The GPL Ghostscript PostScript/PDF interpreter - X Display
suppor
gs - Transitional package
gs-aladdin - Transitional package
gs-common - Dummy package depending on ghostscript
gs-esp - Transitional package
gs-esp-x - Transitional package
gs-gpl - Transitional package
libgs-dev - The Ghostscript PostScript Library - Development Files
libgs-esp-dev - Transitional package
libgs8 - The Ghostscript PostScript/PDF interpreter Library
Changes:
ghostscript (8.71.dfsg.1-0ubuntu5.4) lucid-security; urgency=low
.
* SECURITY UPDATE: integer overflows via integer multiplication for
memory allocation
- debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
allocation functions and use them in:
* jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
jas_malloc.c,jas_seq.c}
* jasper/src/libjasper/bmp/bmp_dec.c
* jasper/src/libjasper/include/jasper/jas_malloc.h
* jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
* jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
* jasper/src/libjasper/mif/mif_cod.c
- CVE-2008-3520
* SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
- debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
jasper/src/libjasper/base/jas_stream.c
- CVE-2008-3522
* SECURITY UPDATE: denial of service and possible code execution via
heap-based buffer overflows.
- debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls
and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
- CVE-2011-4516
- CVE-2011-4517
Checksums-Sha1:
83fd5ae28443fde7b6de59960a690d4aeab8d931 2476
ghostscript_8.71.dfsg.1-0ubuntu5.4.dsc
b14dbf3af224759d549eb2ac900185cb2d16fe87 72722
ghostscript_8.71.dfsg.1-0ubuntu5.4.diff.gz
Checksums-Sha256:
9298bd2ab2fe94fc4805a0d20adc48586d60069aad4a8f0e283840c2bb367f3c 2476
ghostscript_8.71.dfsg.1-0ubuntu5.4.dsc
aef08938e8800451c7cbbbae17e511e2259aa17de55052171bc1bdaf2d60d846 72722
ghostscript_8.71.dfsg.1-0ubuntu5.4.diff.gz
Files:
edcdcb71f956a345e5f9a8cbcfed9048 2476 text optional
ghostscript_8.71.dfsg.1-0ubuntu5.4.dsc
6048c04445f3a6e59fab227a05794492 72722 text optional
ghostscript_8.71.dfsg.1-0ubuntu5.4.diff.gz
Original-Maintainer: Masayuki Hatta (mhatta) <[email protected]>
--
Lucid-changes mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/lucid-changes
