Change logs for ghostscript source package in Yakkety

  • ghostscript (9.19~dfsg+1-0ubuntu6.6) yakkety-security; urgency=medium
    
      * REGRESSION UPDATE: Fix for CVE-2017-8291 broke pstoedit when using
        DELAYBIND feature (LP: #1687614).
        - debian/patches/CVE-2017-8291-regression.patch: return false rather
          than raise error when .eqproc is called with parameters that are
          not both procedures; correct stack underflow detection.
    
     -- Steve Beattie <email address hidden>  Mon, 15 May 2017 14:41:00 -0700
  • ghostscript (9.19~dfsg+1-0ubuntu6.4) yakkety-security; urgency=medium
    
      * SECURITY UPDATE: invalid handling of parameters to .eqproc and
        .rsdparams allowed disabling -dSAFER and thus code execution
        - debian/patches/CVE-2017-8291-1.patch: check .eqproc parameters
        - debian/patches/CVE-2017-8291-2.patch: check .rsdparams parameters
        - CVE-2017-8291
      * SECURITY UPDATE: use-after-free in color management module.
        - CVE-2016-10217.patch: Don't create new ctx when pdf14 device
          reenabled
        - CVE-2016-10217
      * SECURITY UPDATE: divide-by-zero error denial of service in
        base/gxfill.c
        - CVE-2016-10219.patch: check for 0 in denominator
        - CVE-2016-10219
      * SECURITY UPDATE: null pointer dereference denial of service
        - CVE-2016-10220.patch: initialize device data structure correctly
        - CVE-2016-10220
      * SECURITY UPDATE: null pointer dereference denial of service
        - CVE-2017-5951.patch: use the correct param list enumerator
        - CVE-2017-5951
      * SECURITY UPDATE: null pointer dereference denial of service
        - CVE-2017-7207.patch: ensure a device has raster memory, before
          trying to read it
        - CVE-2017-7207
    
     -- Steve Beattie <email address hidden>  Thu, 27 Apr 2017 17:19:53 -0700
  • ghostscript (9.19~dfsg+1-0ubuntu6.3) yakkety-security; urgency=medium
    
      * SECURITY UPDATE: Fix regression introduced by fix for CVE-2013-5653
        (LP: #1647276)
        - debian/patches/CVE-2013-5653-regression.patch
    
     -- Emily Ratliff <email address hidden>  Mon, 05 Dec 2016 11:02:28 -0600
  • ghostscript (9.19~dfsg+1-0ubuntu6.2) yakkety-security; urgency=medium
    
      * SECURITY UPDATE: Information disclosure through getenv, filenameforall
        - debian/patches/CVE-2013-5653.patch: Have filenameforall and getenv
          honor SAFER
        - CVE-2013-5653
      * SECURITY UPDATE: userparams with %pipe% in paths allow remote shell exec
        - debian/patches/CVE-2016-7976.patch: Add a file permissions callback
        - CVE-2016-7976
      * SECURITY UPDATE: use-after-free and remote code execution
        - debian/patches/CVE-2016-7978.patch: Reference count device icc profile
        - CVE-2016-7978
      * SECURITY UPDATE: type confusion allows remote code execution
        - debian/patches/CVE-2016-7979.patch: DSC parser - validate parameters
        - CVE-2016-7979
      * SECURITY UPDATE: NULL dereference
        - debian/patches/CVE-2016-8602.patch: check for sufficient params
        - CVE-2016-8602
      * SECURITY UPDATE: fix SAFER permissions
        - debian/patches/CVE-2016-7977.patch: Be rigorous with SAFER permissions
        - CVE-2016-7977
    
     -- Emily Ratliff <email address hidden>  Thu, 01 Dec 2016 08:57:08 -0600
  • ghostscript (9.19~dfsg+1-0ubuntu6.1) yakkety-proposed; urgency=medium
    
      * debian/patches/020161028~0726780_gdevcups-pwgraster-bitmap-always-without-margins.patch:
        "cups" output device: When creating PWG Raster output, always output
        the bitmap of the full page, ignoring any unprintable margins suggested
        by the PPD file (LP: #1637583).
    
     -- Till Kamppeter <email address hidden>  Mon, 14 Nov 2016 17:37:00 -0200
  • ghostscript (9.19~dfsg+1-0ubuntu6) yakkety; urgency=medium
    
      * debian/rules:
        + Revert the dependency change in 9.19~dfsg+1-0ubuntu3
          (LP: #1625734, LP: #1626245).
    
     -- Gunnar Hjalmarsson <email address hidden>  Thu, 22 Sep 2016 10:50:00 +0200
  • ghostscript (9.19~dfsg+1-0ubuntu5) yakkety; urgency=medium
    
      * Fixed MediaPosition, ManualFeed, and MediaType options for the "pxlcolor"
        and "pxlmono" drivers (PCL-XL printers, upstream bug #697025).
    
     -- Till Kamppeter <email address hidden>  Fri, 23 Sep 2016 17:17:58 -0300
  • ghostscript (9.19~dfsg+1-0ubuntu4) yakkety; urgency=medium
    
      * Multiarchify the library packages.
    
     -- Till Kamppeter <email address hidden>  Fri, 16 Sep 2016 18:12:58 -0300
  • ghostscript (9.19~dfsg+1-0ubuntu3) yakkety; urgency=medium
    
      * debian/rules:
        + Make libgs9-common recommend fonts-noto-cjk instead of
          fonts-droid-fallback (LP: #1621210).
    
     -- Gunnar Hjalmarsson <email address hidden>  Thu, 15 Sep 2016 08:22:00 +0200
  • ghostscript (9.19~dfsg+1-0ubuntu2) yakkety; urgency=medium
    
      * Merged Debian's Ghostscript 9.19~dfsg-2 package, remaining Ubuntu change:
        + openjpeg library bundled with upstream Ghostscript/GhostPDL used
          instead of the original openjpeg library, as the original library
          is not accepted into Ubuntu Main
          (https://bugs.launchpad.net/bugs/711061). Due to this, the new patch
          1001 which fixes the use of external libopenjpeg was not overtaken.
        Changes from the Debian package:
        + Modernize cdbs use. Tighten build-dependency on cdbs.
        + Declare compliance with Debian Policy 3.9.8.
        + Update watch file: Fix avoid use of uupdate (unneeded with gbp).
        + Build-depend on licensecheck (not devscripts).
    
     -- Till Kamppeter <email address hidden>  Fri, 12 Aug 2016 14:54:58 -0300
  • ghostscript (9.19~dfsg+1-0ubuntu1) yakkety; urgency=medium
    
      * Merged Debian's Ghostscript 9.19 package, remaining Ubuntu change:
        + openjpeg library bundled with upstream Ghostscript/GhostPDL used
          instead of the original openjpeg library, as the original library
          is not accepted into Ubuntu Main
          (https://bugs.launchpad.net/bugs/711061).
      * debian/libgs9.symbols: Updated for new upstream source. Applied patch
        which dpkg-gensymbols generated.
    
     -- Till Kamppeter <email address hidden>  Thu,  4 Aug 2016 00:25:58 -0300
  • ghostscript (9.18~dfsg~0-0ubuntu5) yakkety; urgency=medium
    
      * Mark png_push_fill_buffer symbol as optional.
    
     -- Matthias Klose <email address hidden>  Sat, 23 Apr 2016 16:51:29 +0200
  • ghostscript (9.18~dfsg~0-0ubuntu4) yakkety; urgency=medium
    
      * libgs-dev: Depend on libpng-dev.
    
     -- Matthias Klose <email address hidden>  Sat, 23 Apr 2016 16:12:35 +0200
  • ghostscript (9.18~dfsg~0-0ubuntu3) yakkety; urgency=medium
    
      * No-change rebuild for libpng soname change.
    
     -- Matthias Klose <email address hidden>  Sat, 23 Apr 2016 00:07:03 +0000
  • ghostscript (9.18~dfsg~0-0ubuntu2) xenial; urgency=medium
    
      * Backport change from Debian
        "Add patch cherry-picked upstream to fix add gserrors.h to the
         installed files for the so-install target."
    
     -- Sebastien Bacher <email address hidden>  Mon, 29 Feb 2016 11:35:03 +0100