Ubuntu

“ghostscript” 8.71.dfsg.1-0ubuntu5.4 source package in The Lucid Lynx

Publishing history

8.71.dfsg.1-0ubuntu5.4
SUPERSEDED: Lucid pocket Updates in component main and section text
  • Removed from disk on 2012-09-25.
  • Removal requested on 2012-09-25.
  • Superseded on 2012-09-24 by ghostscript - 8.71.dfsg.1-0ubuntu5.5
  • Published on 2012-01-04
  • Copied from ubuntu lucid in Private PPA for Ubuntu Security Team
8.71.dfsg.1-0ubuntu5.4
SUPERSEDED: Lucid pocket Security in component main and section text
  • Removed from disk on 2012-09-25.
  • Removal requested on 2012-09-25.
  • Superseded on 2012-09-24 by ghostscript - 8.71.dfsg.1-0ubuntu5.5
  • Published on 2012-01-04
  • Copied from ubuntu lucid in Private PPA for Ubuntu Security Team

Builds

Changelog

ghostscript (8.71.dfsg.1-0ubuntu5.4) lucid-security; urgency=low

  * SECURITY UPDATE: integer overflows via integer multiplication for
    memory allocation
    - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
      allocation functions and use them in:
      * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
        jas_malloc.c,jas_seq.c}
      * jasper/src/libjasper/bmp/bmp_dec.c
      * jasper/src/libjasper/include/jasper/jas_malloc.h
      * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
      * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
        jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
        jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
      * jasper/src/libjasper/mif/mif_cod.c
    - CVE-2008-3520
  * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
    - debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
      jasper/src/libjasper/base/jas_stream.c
    - CVE-2008-3522
  * SECURITY UPDATE: denial of service and possible code execution via
    heap-based buffer overflows.
    - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls
      and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
    - CVE-2011-4516
    - CVE-2011-4517
 -- Marc Deslauriers <email address hidden>   Tue, 20 Dec 2011 15:44:19 -0500