ghostscript 8.61.dfsg.1-1ubuntu3.4 source package in Ubuntu

Changelog

ghostscript (8.61.dfsg.1-1ubuntu3.4) hardy-security; urgency=low

  * SECURITY UPDATE: integer overflows via integer multiplication for
    memory allocation
    - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
      allocation functions and use them in:
      * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
        jas_malloc.c,jas_seq.c}
      * jasper/src/libjasper/bmp/bmp_dec.c
      * jasper/src/libjasper/include/jasper/jas_malloc.h
      * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
      * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
        jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
        jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
      * jasper/src/libjasper/mif/mif_cod.c
    - CVE-2008-3520
  * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
    - debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
      jasper/src/libjasper/base/jas_stream.c
    - CVE-2008-3522
  * SECURITY UPDATE: arbitrary code execution or denial of service via
    off-by-one in TrueType interpreter.
    - debian/patches/CVE-2009-3743.dpatch: check for null in src/ttinterp.c.
    - CVE-2009-3743
  * SECURITY UPDATE: denial of service via crafted font data
    - debian/patches/CVE-2010-4054.dpatch: check for null pointers in
      src/{gsgdata.c,gstype1.c,gstype2.c,gxtype1.c}.
    - CVE-2010-4054
  * SECURITY UPDATE: denial of service and possible code execution via
    heap-based buffer overflows.
    - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls
      and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
    - CVE-2011-4516
    - CVE-2011-4517
 -- Marc Deslauriers <email address hidden>   Tue, 20 Dec 2011 16:01:14 -0500

Upload details

Uploaded by:
Marc Deslauriers on 2011-12-20
Uploaded to:
Hardy
Original maintainer:
Ubuntu Developers
Component:
main
Architectures:
any
Section:
text
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
ghostscript_8.61.dfsg.1.orig.tar.gz 11.6 MiB 4669884352d6967153a13a1d413f26b2
ghostscript_8.61.dfsg.1-1ubuntu3.4.diff.gz 118.6 KiB 441506abe5d7d81c7600755eb9f21fc5
ghostscript_8.61.dfsg.1-1ubuntu3.4.dsc 1.8 KiB eca400a45c98398164c9c47ad1787aa1

View changes file

Binary packages built by this source

ghostscript: No summary available for ghostscript in ubuntu hardy.

No description available for ghostscript in ubuntu hardy.

ghostscript-doc: No summary available for ghostscript-doc in ubuntu hardy.

No description available for ghostscript-doc in ubuntu hardy.

ghostscript-x: No summary available for ghostscript-x in ubuntu hardy.

No description available for ghostscript-x in ubuntu hardy.

gs: No summary available for gs in ubuntu hardy.

No description available for gs in ubuntu hardy.

gs-aladdin: No summary available for gs-aladdin in ubuntu hardy.

No description available for gs-aladdin in ubuntu hardy.

gs-common: No summary available for gs-common in ubuntu hardy.

No description available for gs-common in ubuntu hardy.

gs-esp: No summary available for gs-esp in ubuntu hardy.

No description available for gs-esp in ubuntu hardy.

gs-esp-x: No summary available for gs-esp-x in ubuntu hardy.

No description available for gs-esp-x in ubuntu hardy.

gs-gpl: No summary available for gs-gpl in ubuntu hardy.

No description available for gs-gpl in ubuntu hardy.

libgs-dev: No summary available for libgs-dev in ubuntu hardy.

No description available for libgs-dev in ubuntu hardy.

libgs-esp-dev: No summary available for libgs-esp-dev in ubuntu hardy.

No description available for libgs-esp-dev in ubuntu hardy.

libgs8: No summary available for libgs8 in ubuntu hardy.

No description available for libgs8 in ubuntu hardy.