-
ghostscript (9.26~dfsg+0-0ubuntu7.4) disco-security; urgency=medium
* SECURITY UPDATE: '-dSAFER' restrictions bypass by .forceput when
loading fonts
- debian/patches/CVE-2019-14869.patch: remove use of .forceput in
Resource/Init/gs_ttf.ps.
- CVE-2019-14869
-- Marc Deslauriers <email address hidden> Wed, 06 Nov 2019 10:45:54 -0500
-
ghostscript (9.26~dfsg+0-0ubuntu7.3) disco-security; urgency=medium
* SECURITY UPDATE: '-dSAFER' restrictions bypass by .forceput
Exposures
- debian/patches/CVE-2019-14811-CVE-2019-14812-CVE-2019-14813.patch:
Be more defensive by preventing access to .forceput from
.setuserparams2.
- CVE-2019-14811
- CVE-2019-14812
- CVE-2019-14813
- debian/patches/CVE-2019-14817.patch: mark more uses of .forceput
as execteonly
- CVE-2019-14817
-- Steve Beattie <email address hidden> Tue, 27 Aug 2019 20:56:05 -0700
-
ghostscript (9.26~dfsg+0-0ubuntu7.2) disco-security; urgency=medium
* SECURITY UPDATE: `-dSAFER` restrictions bypass
- debian/patches/CVE-2019-10216.patch: protect use of .forceput
with executeonly
- CVE-2019-10216
-- Steve Beattie <email address hidden> Thu, 08 Aug 2019 17:25:31 -0700
-
ghostscript (9.26~dfsg+0-0ubuntu7.1) disco-security; urgency=medium
* SECURITY UPDATE: code execution vulnerability
- debian/patches/CVE-2019-3839-1.patch: hide pdfdict and GS_PDF_ProcSet
in Resource/Init/pdf_base.ps, Resource/Init/pdf_draw.ps,
Resource/Init/pdf_font.ps, Resource/Init/pdf_main.ps,
Resource/Init/pdf_ops.ps, Resource/Init/pdf_sec.ps.
- debian/patches/CVE-2019-3839-2.patch: fix lib/pdf2dsc.ps to use
documented Ghostscript pdf procedures in lib/pdf2dsc.ps.
- CVE-2019-3839
-- Marc Deslauriers <email address hidden> Tue, 07 May 2019 11:28:11 -0400
-
ghostscript (9.26~dfsg+0-0ubuntu7) disco; urgency=medium
* SECURITY UPDATE: superexec operator is available
- debian/patches/CVE-2019-3835-pre1.patch: Have gs_cet.ps run from
gs_init.ps in Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps.
- debian/patches/CVE-2019-3835-pre2.patch: Undef /odef in
Resource/Init/gs_cet.ps, Resource/Init/gs_init.ps.
- debian/patches/CVE-2019-3835-1.patch: restrict superexec and remove
it in Resource/Init/gs_cet.ps, Resource/Init/gs_dps1.ps,
Resource/Init/gs_fonts.ps, Resource/Init/gs_init.ps,
Resource/Init/gs_ttf.ps, Resource/Init/gs_type1.ps.
- debian/patches/CVE-2019-3835-2.patch: obliterate superexec in
Resource/Init/gs_init.ps, psi/icontext.c, psi/icstate.h,
psi/zcontrol.c, psi/zdict.c, psi/zgeneric.c.
- CVE-2019-3835
* SECURITY UPDATE: forceput in DefineResource is still accessible
- debian/patches/CVE-2019-3838-1.patch: make a transient proc
executeonly in Resource/Init/gs_res.ps.
- debian/patches/CVE-2019-3838-2.patch: an extra transient proc needs
executeonly in Resource/Init/gs_res.ps.
- CVE-2019-3838
-- Marc Deslauriers <email address hidden> Thu, 21 Mar 2019 13:15:30 -0400
-
ghostscript (9.26~dfsg+0-0ubuntu6) disco; urgency=medium
* SECURITY REGRESSION: Previous regression fix causes blue background
(LP: #1817308)
- debian/patches/lp1815339-2.patch: properly map RGBW color space in
cups/gdevcups.c.
-- Marc Deslauriers <email address hidden> Mon, 25 Feb 2019 09:29:45 -0500
-
ghostscript (9.26~dfsg+0-0ubuntu5) disco; urgency=medium
* SECURITY REGRESSION: High RIP_MAX_CACHE makes cups output device fail
(LP: #1815339)
- debian/patches/lp1815339.patch: fix logic in cups/gdevcups.c.
-- Marc Deslauriers <email address hidden> Wed, 20 Feb 2019 10:37:16 +0100
-
ghostscript (9.26~dfsg+0-0ubuntu4) disco; urgency=medium
* SECURITY UPDATE: code execution vulnerability
- debian/patches/CVE-2019-6116.patch: address .force* operators
exposure in Resource/Init/gs_diskn.ps, Resource/Init/gs_dps1.ps,
Resource/Init/gs_fntem.ps, Resource/Init/gs_fonts.ps,
Resource/Init/gs_init.ps, Resource/Init/gs_lev2.ps,
Resource/Init/gs_pdfwr.ps, Resource/Init/gs_res.ps,
Resource/Init/gs_setpd.ps, Resource/Init/pdf_base.ps,
Resource/Init/pdf_draw.ps, Resource/Init/pdf_font.ps,
Resource/Init/pdf_main.ps, Resource/Init/pdf_ops.ps,
psi/int.mak, psi/interp.c, psi/istack.c, psi/istack.h.
- CVE-2019-6116
* debian/libgs9.symbols: added new symbol.
-- Marc Deslauriers <email address hidden> Wed, 23 Jan 2019 13:02:37 -0500
-
ghostscript (9.26~dfsg+0-0ubuntu3) disco; urgency=low
* Backported upstream patch to prevent crashes when calling Ghostscript
with a PDF file and "-dLastPage=1" (LP: #1806517, upstream bug #700315).
-- Till Kamppeter <email address hidden> Wed, 5 Dec 2018 16:47:06 +0100
-
ghostscript (9.26~dfsg+0-0ubuntu2) disco; urgency=low
* Backported upstream patch to make Duplex on non-default page sizes work
(on certain PostScript printers, upstream bug #700232).
-- Till Kamppeter <email address hidden> Thu, 29 Nov 2018 22:52:06 +0100
-
ghostscript (9.26~dfsg+0-0ubuntu1) disco; urgency=medium
* SECURITY UPDATE: Updated to 9.26 to fix multiple security issues
- CVE-2018-19409
- CVE-2018-19475
- CVE-2018-19476
- CVE-2018-19477
* Removed patches included in new version:
- debian/patches/0218*.patch
- debian/patches/lp1800062.patch
* debian/libgs9.symbols: updated for new version.
-- Marc Deslauriers <email address hidden> Wed, 28 Nov 2018 07:12:52 -0500
-
ghostscript (9.25~dfsg+1-0ubuntu1.1) cosmic-security; urgency=medium
* SECURITY UPDATE: Multiple security issues
- debian/patches/0218*.patch: multiple cherry-picked upstream commits
to fix security issues. Thanks to Jonas Smedegaard for cherry-picking
these for Debian's 9.25~dfsg-3 package.
- debian/libgs9.symbols: added new symbol.
- CVE-2018-17961
- CVE-2018-18073
- CVE-2018-18284
* Fix LeadingEdge regression introduced in 9.22. (LP: #1800062)
- debian/patches/lp1800062.patch: fix cups get/put_params LeadingEdge
logic in cups/gdevcups.c.
-- Marc Deslauriers <email address hidden> Tue, 30 Oct 2018 08:38:06 -0400
-
ghostscript (9.25~dfsg+1-0ubuntu1) cosmic; urgency=medium
* New upstream bug fix release
Highlights:
- Highly recommended by upstream, release done to fix regressions in 9.24.
- This release fixes problems with argument handling, some unintended
results of the security fixes to the SAFER file access restrictions
(specifically accessing ICC profile files), and some additional security
issues over the recent 9.24 release.
- Note: The ps2epsi utility does not, and cannot call Ghostscript with
the -dSAFER command line option. It should never be called with input
from untrusted sources.
* Removed patch 020180906-bc3df07-*.patch backported from upstream.
* Refreshed patches 2003_support_multiarch.patch and
2007_suggest_install_ghostscript-doc_in_code.patch with quilt.
* debian/libgs9.symbols: Updated for new upstream source. Applied patch
which dpkg-gensymbols generated.
-- Till Kamppeter <email address hidden> Thu, 13 Sep 2018 20:27:06 +0200