[ubuntu/hardy-security] ghostscript (delayed), ghostscript 8.61.dfsg.1-1ubuntu3.3 (Accepted)

Ubuntu Installer archive at ubuntu.com
Tue Jul 13 19:04:16 BST 2010


ghostscript (8.61.dfsg.1-1ubuntu3.3) hardy-security; urgency=low

  * SECURITY UPDATE: arbitrary code execution via unlimited recursive
    procedure invocations (LP: #546009)
    - debian/patches/CVE-2010-1628.dpatch: only initialize structures if
      all allocations were successful in src/ialloc.c, src/idosave.h,
      src/isave.c.
    - CVE-2010-1628
  * SECURITY UPDATE: arbitrary code execution via crafted PostScript file
    (LP: #546009)
    - debian/patches/CVE-2010-1869.dpatch: use correct buffer sizes in
      src/int.mak, src/iscan.c, src/iscan.h.
    - CVE-2010-1869
  * SECURITY UPDATE: arbitrary code execution via long names
    - debian/patches/security-long-names.dpatch: check against maximum size
      in psi/iscan.c.
    - No CVE number yet.

Date: Mon, 12 Jul 2010 12:33:50 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/hardy/+source/ghostscript/8.61.dfsg.1-1ubuntu3.3
-------------- next part --------------
Format: 1.7
Date: Mon, 12 Jul 2010 12:33:50 -0400
Source: ghostscript
Binary: ghostscript gs gs-esp gs-gpl gs-aladdin gs-common ghostscript-x gs-esp-x ghostscript-doc libgs8 libgs-dev libgs-esp-dev
Architecture: source
Version: 8.61.dfsg.1-1ubuntu3.3
Distribution: hardy-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 ghostscript - The GPL Ghostscript PostScript/PDF interpreter
 ghostscript-doc - The GPL Ghostscript PostScript/PDF interpreter - Documentation
 ghostscript-x - The GPL Ghostscript PostScript/PDF interpreter - X Display suppor
 gs         - Transitional package
 gs-aladdin - Transitional package
 gs-common  - Transitional package
 gs-esp     - Transitional package
 gs-esp-x   - Transitional package
 gs-gpl     - Transitional package
 libgs-dev  - The Ghostscript PostScript Library - Development Files
 libgs-esp-dev - Transitional package
 libgs8     - The Ghostscript PostScript/PDF interpreter Library
Launchpad-Bugs-Fixed: 546009 546009
Changes: 
 ghostscript (8.61.dfsg.1-1ubuntu3.3) hardy-security; urgency=low
 .
   * SECURITY UPDATE: arbitrary code execution via unlimited recursive
     procedure invocations (LP: #546009)
     - debian/patches/CVE-2010-1628.dpatch: only initialize structures if
       all allocations were successful in src/ialloc.c, src/idosave.h,
       src/isave.c.
     - CVE-2010-1628
   * SECURITY UPDATE: arbitrary code execution via crafted PostScript file
     (LP: #546009)
     - debian/patches/CVE-2010-1869.dpatch: use correct buffer sizes in
       src/int.mak, src/iscan.c, src/iscan.h.
     - CVE-2010-1869
   * SECURITY UPDATE: arbitrary code execution via long names
     - debian/patches/security-long-names.dpatch: check against maximum size
       in psi/iscan.c.
     - No CVE number yet.
Files: 
 47b1e3be761c1bcead5c0cf6a7b70472 1207 text optional ghostscript_8.61.dfsg.1-1ubuntu3.3.dsc
 cc2a8073f8e835d8b64735be5eddb2a1 112285 text optional ghostscript_8.61.dfsg.1-1ubuntu3.3.diff.gz
Original-Maintainer: Masayuki Hatta (mhatta) <mhatta at debian.org>


More information about the Hardy-changes mailing list