Change logs for ghostscript source package in Lucid

  • ghostscript (8.71.dfsg.1-0ubuntu5.7) lucid-security; urgency=medium
    
      * SECURITY UPDATE: denial of service via crafted ICC color profile
        - debian/patches/CVE-2014-8137.dpatch: prevent double-free in
          jasper/src/libjasper/base/jas_icc.c, remove assert in
          jasper/src/libjasper/jp2/jp2_dec.c.
        - CVE-2014-8137
      * SECURITY UPDATE: denial of service or code execution via invalid
        channel number
        - debian/patches/CVE-2014-8138.dpatch: validate channel number in
          jasper/src/libjasper/jp2/jp2_dec.c.
        - CVE-2014-8138
      * SECURITY UPDATE: denial of service or code execution via off-by-one
        - debian/patches/CVE-2014-8157.dpatch: fix off-by-one in
          jasper/src/libjasper/jpc/jpc_dec.c.
        - CVE-2014-8157
      * SECURITY UPDATE: denial of service or code execution via memory
        corruption
        - debian/patches/CVE-2014-8158.dpatch: remove HAVE_VLA to use more
          sensible buffer sizes in jasper/src/libjasper/jpc/jpc_qmfb.c.
        - CVE-2014-8158
     -- Marc Deslauriers <email address hidden>   Thu, 22 Jan 2015 13:09:28 -0500
  • ghostscript (8.71.dfsg.1-0ubuntu5.6) lucid-security; urgency=medium
    
      * SECURITY UPDATE: heap overflows via crafted jp2 file
        - debian/patches/CVE-2014-9029.dpatch: fix off-by-one in
          jasper/src/libjasper/jpc/jpc_dec.c.
        - CVE-2014-9029
     -- Marc Deslauriers <email address hidden>   Fri, 05 Dec 2014 15:47:32 -0500
  • ghostscript (8.71.dfsg.1-0ubuntu5.5) lucid-security; urgency=low
    
      * SECURITY UPDATE: denial of service and possible code execution via
        icclib overflow
        - debian/patches/CVE-2012-4405.dpatch: validate input channels in
          icclib/icc.c.
        - CVE-2012-4405
     -- Marc Deslauriers <email address hidden>   Fri, 21 Sep 2012 08:55:37 -0400
  • ghostscript (8.71.dfsg.1-0ubuntu5.4) lucid-security; urgency=low
    
      * SECURITY UPDATE: integer overflows via integer multiplication for
        memory allocation
        - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
          allocation functions and use them in:
          * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
            jas_malloc.c,jas_seq.c}
          * jasper/src/libjasper/bmp/bmp_dec.c
          * jasper/src/libjasper/include/jasper/jas_malloc.h
          * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
          * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
            jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
            jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
          * jasper/src/libjasper/mif/mif_cod.c
        - CVE-2008-3520
      * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
        - debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
          jasper/src/libjasper/base/jas_stream.c
        - CVE-2008-3522
      * SECURITY UPDATE: denial of service and possible code execution via
        heap-based buffer overflows.
        - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls
          and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
        - CVE-2011-4516
        - CVE-2011-4517
     -- Marc Deslauriers <email address hidden>   Tue, 20 Dec 2011 15:44:19 -0500
  • ghostscript (8.71.dfsg.1-0ubuntu5.3) lucid-proposed; urgency=low
    
      * debian/patches/ps2pdf-hyperlinks.dpatch: Let ps2pdf create proper hyperlinks
        (LP: #583990, upstream bug #691344).
     -- Till Kamppeter <email address hidden>   Mon, 19 Jul 2010 19:15:20 +0200
  • ghostscript (8.71.dfsg.1-0ubuntu5.2) lucid-security; urgency=low
    
      * SECURITY UPDATE: arbitrary code execution via unlimited recursive
        procedure invocations (LP: #546009)
        - debian/patches/CVE-2010-1628.dpatch: only initialize structures if
          all allocations were successful in psi/ialloc.c, psi/idosave.h,
          psi/isave.c.
        - CVE-2010-1628
     -- Marc Deslauriers <email address hidden>   Fri, 09 Jul 2010 08:06:19 -0400
  • ghostscript (8.71.dfsg.1-0ubuntu5.1) lucid-proposed; urgency=low
    
      * debian/patches/pdf-interpreter-segfault-fixes.dpatch,
        debian/patches/cups-raster-fixes.dpatch,
        debian/patches/fapi-buildchar-object-null-check.dpatch,
        debian/patches/cups-raster-error-out-without-segfault-and-force-banding.dpatch,
        debian/patches/cups-raster-fix-memory-reallocation.dpatch: Fixed several
        problems in the PDF interpreter and the CUPS Raster output device of
        Ghostscript to avoid Ghostscript erroring out or even crashing on many
        input files when printing with a CUPS Raster driver (LP: 539708, upstream
        bug #691014). Joined all changes on cups/gdevcups.c into one patch as
        the patches are overlapping and parts of the old patches are undone.
     -- Till Kamppeter <email address hidden>   Thu, 29 Apr 2010 09:43:23 +0200
  • ghostscript (8.71.dfsg.1-0ubuntu5) lucid; urgency=low
    
      * debian/patches/pdf2dsc-fix-for-pdflatex-preview.dpatch:
        Fix pdflatex preview mode using the patch from http://svn.ghostscript.com/viewvc?view=rev&revision=10778
        by William Bader (LP: #543266)
     -- Josh Holland <email address hidden>   Fri, 02 Apr 2010 08:25:31 +0100
  • ghostscript (8.71.dfsg.1-0ubuntu4) lucid; urgency=low
    
      * debian/patches/cups-raster-error-out-without-segfault-and-force-banding.dpatch:
        Make the "cups" output device (CUPS Raster) error out correctly without
        causing segfaults and also force banding mode as some PDFs do not render
        otherwise (LP: #534525).
     -- Till Kamppeter <email address hidden>   Tue, 23 Mar 2010 10:22:23 +0100
  • ghostscript (8.71.dfsg.1-0ubuntu3) lucid; urgency=low
    
      * debian/patches/pdftoraster-wait-for-ghostscript.dpatch: pdftoraster exited
        already before its Ghostscript subprocess finished. Thanks to Tim Waugh
        from Red Hat for the fix.
      * debian/patches/cups-raster-fix-memory-reallocation.dpatch: Fixed bug
        in memory reallocation on bitmap size changes. Color depth was not
        taken into account. This caused black pages to be printed with some
        CUPS Raster drivers, like Turboprint. Fixes upstream bugs #691029 and
        #691108.
      * debian/patches/fix-broken-korean-example.dpatch: Fixed example file for
        rendering Korean text.
     -- Till Kamppeter <email address hidden>   Tue,  9 Mar 2010 17:56:23 +0100
  • ghostscript (8.71.dfsg.1-0ubuntu2) lucid; urgency=low
    
      * no-cant-refill-scanner-input-buffer-error.dpatch: Ghostscript errored out
        when getting fed with the Ubuntu test page
        (/usr/share/system-config-printer/testpage-a4.ps) on stdin giving a
        "Can't refill scanner input buffer" error. (Upstream bugs #691137,
        #690909).
     -- Till Kamppeter <email address hidden>   Wed, 24 Feb 2010 10:08:23 +0100
  • ghostscript (8.71.dfsg.1-0ubuntu1) lucid; urgency=low
    
      * New upstream release
         o libtiff-based tiff file output
         o New "tiffsep1" output device produces halftoned separations at 1 bit
           per pixel
         o Improved FreeType-based font rasterizing (not yet used as default)
         o Improved graphics library for vector graphics conversions
         o Many bug fixes on the PCL-XL printer drivers ("pxlmono", "pxlcolor")
         o Fixes on back side handling for duplex printing in the CUPS Raster
           output device ("cups").
      * debian/patches/gs-cups-rgb-gamma.dpatch,
        debian/patches/cljet5-mediasize-fix.dpatch,
        debian/patches/pxl-driver-fixes.dpatch,
        debian/patches/gs-cups-fix-backside-on-duplex-jobs.dpatch: Removed patches
        backported from upstream.
      * debian/patches/fix-build-of-executables.dpatch: Fix build of the "gs"
        executable, it was built as a shared library and not as an executable.
        This led to an immediate segfault even before "main()" got called.
        Thanks to Robin Watts from Ghostscript for the quick fix.
      * debian/control: Added build dependency on libtiff-dev.
      * debian/ghostscript.links: s/8.70/8.71/
     -- Till Kamppeter <email address hidden>   Thu, 11 Feb 2010 11:31:23 +0100
  • ghostscript (8.70.dfsg.1-0ubuntu5) lucid; urgency=low
    
      * debian/patches/gs-cups-fix-backside-on-duplex-jobs.dpatch: The "cups"
        output device (generating input for the CUPS Raster drivers) did not
        update the margins and page orientation for the back sides in time and
        so the back side was often the wrong way around, especially with printers
        which print the back sides backwards, like HP inkjets. The problem occurs
        only with PostScript as input and not with PDF, which made the bug not
        show up in Ubuntu and Debian. This change is applied to Ubuntu's
        Ghostscript so that Lucid users regression-test it before Ghostscript
        8.71 gets released in February (HPLIP upstream bug: LP: #484928).
     -- Till Kamppeter <email address hidden>   Tue, 26 Jan 2010 15:25:23 +0100
  • ghostscript (8.70.dfsg.1-0ubuntu4) lucid; urgency=low
    
      * debian/patches/pxl-driver-fixes.dpatch: Several upstream bug fixes
        on the PCL-XL drivers ("pxlcolor"/"pxlmono") in Ghostscript, especially
        also for PDF input. Thanks to Hin-Tak Leung for putting all that work
        into this driver which stayed nearly untouched for around 10 years.
        (LP: #361772).
     -- Till Kamppeter <email address hidden>   Mon,  7 Dec 2009 20:23:23 +0100
  • ghostscript (8.70.dfsg.1-0ubuntu3) karmic; urgency=low
    
      * debian/patches/cljet5-mediasize-fix.dpatch: Upstream fix for the media
        size handling of the "cljet5" printer driver.
    
     -- Till Kamppeter <email address hidden>   Mon, 12 Oct 2009 15:47:23 +0200