[ubuntu/artful-proposed] ghostscript 9.19~dfsg+1-0ubuntu8 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Fri May 12 15:13:20 UTC 2017
ghostscript (9.19~dfsg+1-0ubuntu8) artful; urgency=medium
* SECURITY UPDATE: invalid handling of parameters to .eqproc and
.rsdparams allowed disabling -dSAFER and thus code execution
- debian/patches/CVE-2017-8291-1.patch: check .eqproc parameters
- debian/patches/CVE-2017-8291-2.patch: check .rsdparams parameters
- CVE-2017-8291
* SECURITY UPDATE: use-after-free in color management module.
- CVE-2016-10217.patch: Dont create new ctx when pdf14 device
reenabled
- CVE-2016-10217
* SECURITY UPDATE: divide-by-zero error denial of service in
base/gxfill.c
- CVE-2016-10219.patch: check for 0 in denominator
- CVE-2016-10219
* SECURITY UPDATE: null pointer dereference denial of service
- CVE-2016-10220.patch: initialize device data structure correctly
- CVE-2016-10220
* SECURITY UPDATE: null pointer dereference denial of service
- CVE-2017-5951.patch: use the correct param list enumerator
- CVE-2017-5951
* SECURITY UPDATE: null pointer dereference denial of service
- CVE-2017-7207.patch: ensure a device has raster memory, before
trying to read it
- CVE-2017-7207
Date: Thu, 27 Apr 2017 16:00:11 -0700
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/ghostscript/9.19~dfsg+1-0ubuntu8
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Format: 1.8
Date: Thu, 27 Apr 2017 16:00:11 -0700
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source
Version: 9.19~dfsg+1-0ubuntu8
Distribution: artful
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description:
ghostscript - interpreter for the PostScript language and for PDF
ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
libgs-dev - interpreter for the PostScript language and for PDF - Development
libgs9 - interpreter for the PostScript language and for PDF - Library
libgs9-common - interpreter for the PostScript language and for PDF - common file
Changes:
ghostscript (9.19~dfsg+1-0ubuntu8) artful; urgency=medium
.
* SECURITY UPDATE: invalid handling of parameters to .eqproc and
.rsdparams allowed disabling -dSAFER and thus code execution
- debian/patches/CVE-2017-8291-1.patch: check .eqproc parameters
- debian/patches/CVE-2017-8291-2.patch: check .rsdparams parameters
- CVE-2017-8291
* SECURITY UPDATE: use-after-free in color management module.
- CVE-2016-10217.patch: Dont create new ctx when pdf14 device
reenabled
- CVE-2016-10217
* SECURITY UPDATE: divide-by-zero error denial of service in
base/gxfill.c
- CVE-2016-10219.patch: check for 0 in denominator
- CVE-2016-10219
* SECURITY UPDATE: null pointer dereference denial of service
- CVE-2016-10220.patch: initialize device data structure correctly
- CVE-2016-10220
* SECURITY UPDATE: null pointer dereference denial of service
- CVE-2017-5951.patch: use the correct param list enumerator
- CVE-2017-5951
* SECURITY UPDATE: null pointer dereference denial of service
- CVE-2017-7207.patch: ensure a device has raster memory, before
trying to read it
- CVE-2017-7207
Checksums-Sha1:
dba67909a6f110b38575f571e170c6a2f216afdc 2955 ghostscript_9.19~dfsg+1-0ubuntu8.dsc
752c3f477a5b2b8fddf54a201514af370a8ba10e 110396 ghostscript_9.19~dfsg+1-0ubuntu8.debian.tar.xz
f667fd95b19af289258fc4b25c2d4c4b89c17de1 12847 ghostscript_9.19~dfsg+1-0ubuntu8_source.buildinfo
Checksums-Sha256:
15a89ce0913196708b6c32e177b1409cbcd57dc9f9e4617018c71f8bb297bcc3 2955 ghostscript_9.19~dfsg+1-0ubuntu8.dsc
e113d37001b970e467a9cd1b13b4cfa71fdc370a3b7ff38480495480a4fe6eba 110396 ghostscript_9.19~dfsg+1-0ubuntu8.debian.tar.xz
926145de9a4be0632ac9fd2cf7325a24c7423f35904ea2bdc275f4c300f48018 12847 ghostscript_9.19~dfsg+1-0ubuntu8_source.buildinfo
Files:
c6bc89b084f615378d5a92310521311b 2955 text optional ghostscript_9.19~dfsg+1-0ubuntu8.dsc
6f4c3d6e16bf888deb1c1a394f8a4cda 110396 text optional ghostscript_9.19~dfsg+1-0ubuntu8.debian.tar.xz
43adb17b9dd55e4e2041a1f1f02e7c8f 12847 text optional ghostscript_9.19~dfsg+1-0ubuntu8_source.buildinfo
Original-Maintainer: Debian Printing Team <debian-printing at lists.debian.org>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCgAGBQJZFdBoAAoJEGVp2FWnRL6TpXEP/inZIkcEdDeD1bOwUZURGfi4
nPgWyHG9jX/J/4MjGvTLKwU5BhVVo+OjI5KLdsCkvhwTWVi1pSWCZvGpA5OFuTXT
dqtuvpkuGJ8Hb6jVIPtA8Tx0e8WjIURLmMlVtHxpo9kIyTuOff4j9Z8Ic+GlxhgJ
Qnf+l+FNBNAtZDI9KHCxhW5LYNvo6X+L45zjrE3aPX8EGlkA/0WssL4tOaSwVYVD
7ByN0dQl7IxkaLWJaPbMphjN+LZsSkNUbDZpKdZgi7BRAfowSd1C3ozZru7cCkrB
bp7KdBdF2wRfNA/XLWsGy0dWGlRQWb7qlOSA1doKHG8IHoYhRrmhAb41rseJ0giv
FQLC7WxqCYDWB9o5yLSmfKqNna68gn75BlQVYnsDVvEFpQ0hZFBcePtP6MuGDRBw
EORryU413B+p0MoXi/tBcnnDOo92ucxz5zNLryxvjev7yXopwx2TJlXuFBlvxkOF
NM8Q/RNiAVDwui2zt7x1D+Iob+xlmkMMGAon4AZR5N5lZhtaMmgKOC+JpXTR1UJE
DEDr8LodGhVGc3cyg7rUyDpAMBYrwPFYX57s/XioMNNhV97xJWU11o+bHcRiqfQR
UbLD4VacGICKrgIf0mLEX1bp3DsrLj2iFAKRqXgTIHWQ9xkMy2sh+C1qT0Rug2Uw
n9z+epYGlJTq242wMicK
=Yptq
-----END PGP SIGNATURE-----
More information about the Artful-changes
mailing list