[ubuntu/artful-proposed] ghostscript 9.19~dfsg+1-0ubuntu8 (Accepted)

Steve Beattie sbeattie at ubuntu.com
Fri May 12 15:13:20 UTC 2017


ghostscript (9.19~dfsg+1-0ubuntu8) artful; urgency=medium

  * SECURITY UPDATE: invalid handling of parameters to .eqproc and
    .rsdparams allowed disabling -dSAFER and thus code execution
    - debian/patches/CVE-2017-8291-1.patch: check .eqproc parameters
    - debian/patches/CVE-2017-8291-2.patch: check .rsdparams parameters
    - CVE-2017-8291
  * SECURITY UPDATE: use-after-free in color management module.
    - CVE-2016-10217.patch: Don't create new ctx when pdf14 device
      reenabled
    - CVE-2016-10217
  * SECURITY UPDATE: divide-by-zero error denial of service in
    base/gxfill.c
    - CVE-2016-10219.patch: check for 0 in denominator
    - CVE-2016-10219
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2016-10220.patch: initialize device data structure correctly
    - CVE-2016-10220
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2017-5951.patch: use the correct param list enumerator
    - CVE-2017-5951
  * SECURITY UPDATE: null pointer dereference denial of service
    - CVE-2017-7207.patch: ensure a device has raster memory, before
      trying to read it
    - CVE-2017-7207

Date: Thu, 27 Apr 2017 16:00:11 -0700
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/ghostscript/9.19~dfsg+1-0ubuntu8
-------------- next part --------------
Format: 1.8
Date: Thu, 27 Apr 2017 16:00:11 -0700
Source: ghostscript
Binary: ghostscript ghostscript-x ghostscript-doc libgs9 libgs9-common libgs-dev ghostscript-dbg
Architecture: source
Version: 9.19~dfsg+1-0ubuntu8
Distribution: artful
Urgency: medium
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
Description:
 ghostscript - interpreter for the PostScript language and for PDF
 ghostscript-dbg - interpreter for the PostScript language and for PDF - Debug symbo
 ghostscript-doc - interpreter for the PostScript language and for PDF - Documentati
 ghostscript-x - interpreter for the PostScript language and for PDF - X11 support
 libgs-dev  - interpreter for the PostScript language and for PDF - Development
 libgs9     - interpreter for the PostScript language and for PDF - Library
 libgs9-common - interpreter for the PostScript language and for PDF - common file
Original-Maintainer: Debian Printing Team <debian-printing at lists.debian.org>