[ubuntu/jaunty] ghostscript 8.64.dfsg.1-0ubuntu8 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Fri Apr 17 05:58:45 BST 2009 

ghostscript (8.64.dfsg.1-0ubuntu8) jaunty; urgency=low

  * SECURITY UPDATE: possible arbitrary code execution via JBIG2 symbol
    dictionary segments
    - debian/patches/41_CVE-2009-0196.dpatch: validate size of runlength
      in export symbol table in jbig2dec/jbig2_symbol_dict.c.
    - CVE-2009-0196
  * SECURITY UPDATE: denial of service and possible arbitrary code
    execution via integer overflows in icclib
    - debian/patches/42_CVE-2009-0792.dpatch: fix numerous overflows in
      icclib/icc.c.
    - CVE-2009-0792

Date: Thu, 09 Apr 2009 09:27:31 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Signed-By: Kees Cook <kees at ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/ghostscript/8.64.dfsg.1-0ubuntu8
-------------- next part --------------
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Thu, 09 Apr 2009 09:27:31 -0400
Source: ghostscript
Binary: ghostscript gs gs-esp gs-gpl gs-aladdin gs-common ghostscript-x gs-esp-x ghostscript-doc libgs8 libgs-dev libgs-esp-dev
Architecture: source
Version: 8.64.dfsg.1-0ubuntu8
Distribution: jaunty
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 ghostscript - The GPL Ghostscript PostScript/PDF interpreter
 ghostscript-doc - The GPL Ghostscript PostScript/PDF interpreter - Documentation
 ghostscript-x - The GPL Ghostscript PostScript/PDF interpreter - X Display suppor
 gs         - Transitional package
 gs-aladdin - Transitional package
 gs-common  - Dummy package depending on ghostscript
 gs-esp     - Transitional package
 gs-esp-x   - Transitional package
 gs-gpl     - Transitional package
 libgs-dev  - The Ghostscript PostScript Library - Development Files
 libgs-esp-dev - Transitional package
 libgs8     - The Ghostscript PostScript/PDF interpreter Library
Changes: 
 ghostscript (8.64.dfsg.1-0ubuntu8) jaunty; urgency=low
 .
   * SECURITY UPDATE: possible arbitrary code execution via JBIG2 symbol
     dictionary segments
     - debian/patches/41_CVE-2009-0196.dpatch: validate size of runlength
       in export symbol table in jbig2dec/jbig2_symbol_dict.c.
     - CVE-2009-0196
   * SECURITY UPDATE: denial of service and possible arbitrary code
     execution via integer overflows in icclib
     - debian/patches/42_CVE-2009-0792.dpatch: fix numerous overflows in
       icclib/icc.c.
     - CVE-2009-0792
Checksums-Sha1: 
 516e46ca97664f5804b82e6e31cf7c61c9a5ca57 1839 ghostscript_8.64.dfsg.1-0ubuntu8.dsc
 0c62bf777b65b25e7a595fdeaca766ef2306d3e7 56356 ghostscript_8.64.dfsg.1-0ubuntu8.diff.gz
Checksums-Sha256: 
 f93081bc0869d9f010088f4a9cf9d73aabcd2cbcb85f75ef05616298f7cb4af5 1839 ghostscript_8.64.dfsg.1-0ubuntu8.dsc
 401c51bbfab8ce2238a09074686e9a4cc4b1e764d57a771bd364dc9738d3003f 56356 ghostscript_8.64.dfsg.1-0ubuntu8.diff.gz
Files: 
 42a57a798cc9c592cdf090602a1d7d82 1839 text optional ghostscript_8.64.dfsg.1-0ubuntu8.dsc
 eebd657c00aa3ccef57ee468ec4d5ad9 56356 text optional ghostscript_8.64.dfsg.1-0ubuntu8.diff.gz
Original-Maintainer: Masayuki Hatta (mhatta) <mhatta at debian.org>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Kees Cook <kees at outflux.net>

iEYEARECAAYFAknmNAIACgkQH/9LqRcGPm10sACdGIpyPMViZkZKsFc8Gki+jFMo
aWAAnjbU5BfaySZyrPaormqE9Fm/AVd6
=tgjf
-----END PGP SIGNATURE-----

More information about the Jaunty-changes mailing list