[ubuntu/jaunty-security] ghostscript (delayed), ghostscript 8.64.dfsg.1-0ubuntu8.1 (Accepted)
Ubuntu Installer
archive at ubuntu.com
Tue Jul 13 19:04:03 BST 2010
ghostscript (8.64.dfsg.1-0ubuntu8.1) jaunty-security; urgency=low
* SECURITY UPDATE: denial of service and possible code execution via
buffer overflow in errprintf function
- debian/patches/CVE-2009-4270.dpatch: use vsnprintf in base/gsmisc.c.
- CVE-2009-4270
* SECURITY UPDATE: arbitrary code execution via unlimited recursive
procedure invocations (LP: #546009)
- debian/patches/CVE-2010-1628.dpatch: only initialize structures if
all allocations were successful in psi/ialloc.c, psi/idosave.h,
psi/isave.c.
- CVE-2010-1628
* SECURITY UPDATE: arbitrary code execution via crafted PostScript file
(LP: #546009)
- debian/patches/CVE-2010-1869.dpatch: use correct buffer sizes in
psi/int.mak, psi/iscan.c, psi/iscan.h.
- CVE-2010-1869
* SECURITY UPDATE: arbitrary code execution via long names
- debian/patches/security-long-names.dpatch: check against maximum size
in psi/iscan.c.
- No CVE number yet.
Date: Mon, 12 Jul 2010 12:08:54 -0400
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/jaunty/+source/ghostscript/8.64.dfsg.1-0ubuntu8.1
-------------- next part --------------
Format: 1.8
Date: Mon, 12 Jul 2010 12:08:54 -0400
Source: ghostscript
Binary: ghostscript gs gs-esp gs-gpl gs-aladdin gs-common ghostscript-x gs-esp-x ghostscript-doc libgs8 libgs-dev libgs-esp-dev
Architecture: source
Version: 8.64.dfsg.1-0ubuntu8.1
Distribution: jaunty-security
Urgency: low
Maintainer: Ubuntu Core Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description:
ghostscript - The GPL Ghostscript PostScript/PDF interpreter
ghostscript-doc - The GPL Ghostscript PostScript/PDF interpreter - Documentation
ghostscript-x - The GPL Ghostscript PostScript/PDF interpreter - X Display suppor
gs - Transitional package
gs-aladdin - Transitional package
gs-common - Dummy package depending on ghostscript
gs-esp - Transitional package
gs-esp-x - Transitional package
gs-gpl - Transitional package
libgs-dev - The Ghostscript PostScript Library - Development Files
libgs-esp-dev - Transitional package
libgs8 - The Ghostscript PostScript/PDF interpreter Library
Launchpad-Bugs-Fixed: 546009 546009
Changes:
ghostscript (8.64.dfsg.1-0ubuntu8.1) jaunty-security; urgency=low
.
* SECURITY UPDATE: denial of service and possible code execution via
buffer overflow in errprintf function
- debian/patches/CVE-2009-4270.dpatch: use vsnprintf in base/gsmisc.c.
- CVE-2009-4270
* SECURITY UPDATE: arbitrary code execution via unlimited recursive
procedure invocations (LP: #546009)
- debian/patches/CVE-2010-1628.dpatch: only initialize structures if
all allocations were successful in psi/ialloc.c, psi/idosave.h,
psi/isave.c.
- CVE-2010-1628
* SECURITY UPDATE: arbitrary code execution via crafted PostScript file
(LP: #546009)
- debian/patches/CVE-2010-1869.dpatch: use correct buffer sizes in
psi/int.mak, psi/iscan.c, psi/iscan.h.
- CVE-2010-1869
* SECURITY UPDATE: arbitrary code execution via long names
- debian/patches/security-long-names.dpatch: check against maximum size
in psi/iscan.c.
- No CVE number yet.
Checksums-Sha1:
8fd7bbd6c782ece8cfbef7896d104aa19c75c4e3 1810 ghostscript_8.64.dfsg.1-0ubuntu8.1.dsc
c69edbdfba2fa7ae94a4ab9e7503e7e215e2706d 59275 ghostscript_8.64.dfsg.1-0ubuntu8.1.diff.gz
Checksums-Sha256:
b1e05596187ab453dfa5a496e71229901c7552a814605c91b7d1f2c40b8846aa 1810 ghostscript_8.64.dfsg.1-0ubuntu8.1.dsc
dafeced6675bb6219aaedfe42f46457e1bcadc02c2e5cb9bdba37c1ed4df04ae 59275 ghostscript_8.64.dfsg.1-0ubuntu8.1.diff.gz
Files:
7b96f9ded9b131ed4d8ce0b57af742fb 1810 text optional ghostscript_8.64.dfsg.1-0ubuntu8.1.dsc
6cfddc875588bef06b30baa00d73d64a 59275 text optional ghostscript_8.64.dfsg.1-0ubuntu8.1.diff.gz
Original-Maintainer: Masayuki Hatta (mhatta) <mhatta at debian.org>
More information about the Jaunty-changes
mailing list