Ubuntu

“ghostscript” 8.61.dfsg.1-1ubuntu3.4 source package in Ubuntu

Changelog

ghostscript (8.61.dfsg.1-1ubuntu3.4) hardy-security; urgency=low

  * SECURITY UPDATE: integer overflows via integer multiplication for
    memory allocation
    - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
      allocation functions and use them in:
      * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
        jas_malloc.c,jas_seq.c}
      * jasper/src/libjasper/bmp/bmp_dec.c
      * jasper/src/libjasper/include/jasper/jas_malloc.h
      * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
      * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
        jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
        jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
      * jasper/src/libjasper/mif/mif_cod.c
    - CVE-2008-3520
  * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
    - debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
      jasper/src/libjasper/base/jas_stream.c
    - CVE-2008-3522
  * SECURITY UPDATE: arbitrary code execution or denial of service via
    off-by-one in TrueType interpreter.
    - debian/patches/CVE-2009-3743.dpatch: check for null in src/ttinterp.c.
    - CVE-2009-3743
  * SECURITY UPDATE: denial of service via crafted font data
    - debian/patches/CVE-2010-4054.dpatch: check for null pointers in
      src/{gsgdata.c,gstype1.c,gstype2.c,gxtype1.c}.
    - CVE-2010-4054
  * SECURITY UPDATE: denial of service and possible code execution via
    heap-based buffer overflows.
    - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls
      and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
    - CVE-2011-4516
    - CVE-2011-4517
 -- Marc Deslauriers <email address hidden>   Tue, 20 Dec 2011 16:01:14 -0500

Upload details

Uploaded by:
Marc Deslauriers on 2011-12-20
Uploaded to:
Hardy
Original maintainer:
Ubuntu Developers
Component:
main
Architectures:
any
Section:
text
Urgency:
Low Urgency

See full publishing history Publishing

Series Pocket Published Component Section

Downloads

File Size MD5 Checksum
ghostscript_8.61.dfsg.1.orig.tar.gz 11.6 MiB 4669884352d6967153a13a1d413f26b2
ghostscript_8.61.dfsg.1-1ubuntu3.4.diff.gz 118.6 KiB 441506abe5d7d81c7600755eb9f21fc5
ghostscript_8.61.dfsg.1-1ubuntu3.4.dsc 1.8 KiB eca400a45c98398164c9c47ad1787aa1

Binary packages built by this source

ghostscript: The GPL Ghostscript PostScript/PDF interpreter

 Ghostscript is used for PostScript/PDF preview and printing. Usually as
 a back-end to a program such as ghostview, it can display PostScript and PDF
 documents in an X11 environment.
 .
 Furthermore, it can render PostScript and PDF files as graphics to be printed
 on non-PostScript printers. Supported printers include common
 dot-matrix, inkjet and laser models.
 .
 Package gsfonts contains a set of standard fonts for Ghostscript.
 .
 The Ghostscript home page is at http://www.ghostscript.com/

ghostscript-doc: The GPL Ghostscript PostScript/PDF interpreter - Documentation

 Ghostscript is used for PostScript/PDF preview and printing. Usually as
 a back-end to a program such as ghostview, it can display PostScript and PDF
 documents in an X11 environment.
 .
 The Ghostscript home page is at http://www.ghostscript.com/
 .
 This package contains the documentation of Ghostscript. As this documentation
 is only interesting for printer driver developers or advanced users, it is
 in this separate package which can be left out in space-restricted
 installations, like for example live CDs.

ghostscript-x: The GPL Ghostscript PostScript/PDF interpreter - X Display support

 Ghostscript is used for PostScript/PDF preview and printing. Usually as
 a back-end to a program such as ghostview, it can display PostScript and PDF
 documents in an X11 environment.
 .
 The Ghostscript home page is at http://www.ghostscript.com/
 .
 This package contains the Ghostscript output device for X11. It is in
 a separate package to allow the main package (ghostscript) to be installed
 on X-less servers.

gs: Transitional package

 This dummy package is provided for a smooth transition from the
 previous gs package (the package name has been changed to ghostscript).
 It may safely be removed after installation.

gs-aladdin: Transitional package

 This dummy package is provided for a smooth transition from the
 previous gs-aladdin package (the package is replaced by ghostscript).
 It may safely be removed after installation.

gs-common: Transitional package

 This dummy package is provided for a smooth transition from the
 previous gs-.../gs-common combo (the packages are replaced by ghostscript).
 It may safely be removed after installation.

gs-esp: Transitional package

 This dummy package is provided for a smooth transition from the
 previous gs-esp package (the package is replaced by ghostscript).
 It may safely be removed after installation.

gs-esp-x: Transitional package

 This dummy package is provided for a smooth transition from the
 previous gs-esp-x package (the package is replaced by ghostscript-x).
 It may safely be removed after installation.

gs-gpl: Transitional package

 This dummy package is provided for a smooth transition from the
 previous gs-gpl package (the package is replaced by ghostscript).
 It may safely be removed after installation.

libgs-dev: The Ghostscript PostScript Library - Development Files

 Ghostscript is used for PostScript/PDF preview and printing. Usually as
 a back-end to a program such as ghostview, it can display PostScript and PDF
 documents in an X11 environment.
 .
 The Ghostscript home page is at http://www.ghostscript.com/
 .
 This package provides the development files for the Ghostscript library
 which makes the facilities of Ghostscript available to applications.

libgs-esp-dev: Transitional package

 This dummy package is provided for a smooth transition from the
 previous libgs-esp-dev package (the package is replaced by libgs-dev).
 It may safely be removed after installation.

libgs8: The Ghostscript PostScript/PDF interpreter Library

 Ghostscript is used for PostScript/PDF preview and printing. Usually as
 a back-end to a program such as ghostview, it can display PostScript and PDF
 documents in an X11 environment.
 .
 The Ghostscript home page is at http://www.ghostscript.com/
 .
 This package provides the Ghostscript library which makes the
 facilities of Ghostscript available to applications.