Format: 1.7
Date: Tue, 20 Dec 2011 16:01:14 -0500
Source: ghostscript
Binary: ghostscript gs gs-esp gs-gpl gs-aladdin gs-common ghostscript-x gs-esp-x ghostscript-doc libgs8 libgs-dev libgs-esp-dev
Architecture: hppa
Version: 8.61.dfsg.1-1ubuntu3.4
Distribution: hardy
Urgency: low
Maintainer: Ubuntu/hppa Build Daemon
Changed-By: Marc Deslauriers
Description:
 ghostscript - The GPL Ghostscript PostScript/PDF interpreter
 ghostscript-doc - The GPL Ghostscript PostScript/PDF interpreter - Documentation
 ghostscript-x - The GPL Ghostscript PostScript/PDF interpreter - X Display suppor
 gs - Transitional package
 gs-aladdin - Transitional package
 gs-common - Transitional package
 gs-esp - Transitional package
 gs-esp-x - Transitional package
 gs-gpl - Transitional package
 libgs-dev - The Ghostscript PostScript Library - Development Files
 libgs-esp-dev - Transitional package
 libgs8 - The Ghostscript PostScript/PDF interpreter Library
Changes:
 ghostscript (8.61.dfsg.1-1ubuntu3.4) hardy-security; urgency=low
 .
   * SECURITY UPDATE: integer overflows via integer multiplication for memory
     allocation
     - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
       allocation functions and use them in:
       * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
         jas_malloc.c,jas_seq.c}
       * jasper/src/libjasper/bmp/bmp_dec.c
       * jasper/src/libjasper/include/jasper/jas_malloc.h
       * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
       * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
         jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
         jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
       * jasper/src/libjasper/mif/mif_cod.c
     - CVE-2008-3520
   * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
     - debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
       jasper/src/libjasper/base/jas_stream.c
     - CVE-2008-3522
   * SECURITY UPDATE: arbitrary code execution or denial of service via
     off-by-one in TrueType interpreter.
     - debian/patches/CVE-2009-3743.dpatch: check for null in src/ttinterp.c.
     - CVE-2009-3743
   * SECURITY UPDATE: denial of service via crafted font data
     - debian/patches/CVE-2010-4054.dpatch: check for null pointers in
       src/{gsgdata.c,gstype1.c,gstype2.c,gxtype1.c}.
     - CVE-2010-4054
   * SECURITY UPDATE: denial of service and possible code execution via
     heap-based buffer overflows.
     - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls and
       allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
     - CVE-2011-4516
     - CVE-2011-4517
Files:
 0878e4191af056313ce6434d8d057992 776792 text optional ghostscript_8.61.dfsg.1-1ubuntu3.4_hppa.deb
 dade81f1b2cd4fffced4da66eb45d3b0 67542 text optional ghostscript-x_8.61.dfsg.1-1ubuntu3.4_hppa.deb
 3ad0c87fb393afa98b829a9a02f941dc 2574570 libs optional libgs8_8.61.dfsg.1-1ubuntu3.4_hppa.deb
 0c5636efd283689bd1f7637dbb9e261c 15118 libdevel optional libgs-dev_8.61.dfsg.1-1ubuntu3.4_hppa.deb
Original-Maintainer: Masayuki Hatta (mhatta)