Ubuntu
cupsys package

Change logs for cupsys source package in Warty

  1. Warty (4.10)
  2. Change log 
  • cupsys (1.1.20final+cvs20040330-4ubuntu16.11) warty-security; urgency=low

  * SECURITY UPDATE: Buffer overflows.
  * Add debian/patches/47CVE-2006-1244.patch:
    - xpdf/JBIG2Stream.cc, xpdf/Stream.h: Fix various integer overflows.
    - Upstream patch from Derek Noonburg.
  * CVE-2006-1244

 -- Martin Pitt <email address hidden>   Wed, 12 Apr 2006 10:18:37 +0200
  • cupsys (1.1.20final+cvs20040330-4ubuntu16.10) warty-security; urgency=low


  * SECURITY UPDATE: Multiple integer/buffer overflows.
  * Add debian/patches/46CVE-2005-3624_5_7.patch:
  * pdftops/Stream.cxx, CCITTFaxStream::CCITTFaxStream():
    - Check columns for negative or large values.
    - CVE-2005-3624
  * pdftops/Stream.cxx, numComps checks introduced in CVE-2005-3191 patch:
    - Reset numComps to 0 since it's a global variable that is used later.
    - CVE-2005-3627
  * pdftops/Stream.cxx, DCTStream::readHuffmanTables():
    - Fix out of bounds array access in Huffman tables.
    - CVE-2005-3627
  * pdftops/Stream.cxx, DCTStream::readMarker():
    - Check for EOF in while loop to prevent endless loops.
    - CVE-2005-3625
  * pdftops/JBIG2Stream.cxx, JBIG2Bitmap::JBIG2Bitmap(), JBIG2Bitmap::expand(),
    JBIG2Stream::readHalftoneRegionSeg():
    - Check user supplied width and height against invalid values.
    - Allocate one extra byte to prevent out of bounds access in combine().

 -- Martin Pitt <email address hidden>  Thu,  5 Jan 2006 14:38:17 +0100
  • cupsys (1.1.20final+cvs20040330-4ubuntu16.9) warty-security; urgency=low


  * SECURITY UPDATE: Multiple integer/buffer overflows.
  * Add debian/patches/45CVE-2005-3191_2.patch:
  * pdftops/Stream.cxx, DCTStream::readBaselineSOF(),
    DCTStream::readProgressiveSOF(), DCTStream::readScanInfo():
    - Check numComps for invalid values.
    - http://www.idefense.com/application/poi/display?id=342&type=vulnerabilities
    - CVE-2005-3191
  * pdftops/Stream.cxx, StreamPredictor::StreamPredictor():
    - Check rowBytes for invalid values.
    - http://www.idefense.com/application/poi/display?id=344&type=vulnerabilities
    - CVE-2005-3192
  * Note: This embedded xpdf version does not support JPX, thus is not
    vulnerable against CVE-2005-3193.

 -- Martin Pitt <email address hidden>  Mon, 12 Dec 2005 11:21:30 +0100
  • cupsys (1.1.20final+cvs20040330-4ubuntu16) warty; urgency=low


  * cupsys.init.d: do not exit the script if chmod/chown of the printer driver
    directory fails; route error message to /dev/null. This allows to have a
    read-only /usr partition. (Warty bug #2496)

 -- Martin Pitt <email address hidden>  Mon, 18 Oct 2004 19:35:09 +0200