[ubuntu/maverick-security] ghostscript 8.71.dfsg.2-0ubuntu7.1 (Accepted)

Marc Deslauriers marc.deslauriers at ubuntu.com
Wed Jan 4 14:33:24 UTC 2012


ghostscript (8.71.dfsg.2-0ubuntu7.1) maverick-security; urgency=low

  * SECURITY UPDATE: integer overflows via integer multiplication for
    memory allocation
    - debian/patches/CVE-2008-352x.dpatch: introduce new size-checked
      allocation functions and use them in:
      * jasper/src/libjasper/base/{jas_cm.c,jas_icc.c,jas_image.c,
        jas_malloc.c,jas_seq.c}
      * jasper/src/libjasper/bmp/bmp_dec.c
      * jasper/src/libjasper/include/jasper/jas_malloc.h
      * jasper/src/libjasper/jp2/{jp2_cod.c,jp2_dec.c,jp2_enc.c}
      * jasper/src/libjasper/jpc/{jpc_cs.c,jpc_dec.c,jpc_enc.c,jpc_mqdec.c,
        jpc_mqenc.c,jpc_qmfb.c,jpc_t1enc.c,jpc_t2cod.c,jpc_t2dec.c,
        jpc_t2enc.c,jpc_tagtree.c,jpc_util.c}
      * jasper/src/libjasper/mif/mif_cod.c
    - CVE-2008-3520
  * SECURITY UPDATE: buffer overflow via vsprintf in jas_stream_printf()
    - debian/patches/CVE-2008-352x.dpatch: use vsnprintf() in
      jasper/src/libjasper/base/jas_stream.c
    - CVE-2008-3522
  * SECURITY UPDATE: denial of service and possible code execution via
    heap-based buffer overflows.
    - debian/patches/CVE-2011-451x.dpatch: validate compparms->numrlvls
      and allocate proper size in jasper/src/libjasper/jpc/jpc_cs.c.
    - CVE-2011-4516
    - CVE-2011-4517

Date: Tue, 20 Dec 2011 14:09:50 -0500
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
https://launchpad.net/ubuntu/maverick/+source/ghostscript/8.71.dfsg.2-0ubuntu7.1
-------------- next part --------------
Format: 1.8
Date: Tue, 20 Dec 2011 14:09:50 -0500
Source: ghostscript
Binary: ghostscript gs gs-esp gs-gpl gs-aladdin gs-common ghostscript-cups ghostscript-x gs-esp-x ghostscript-doc libgs8 libgs-dev libgs-esp-dev
Architecture: source
Version: 8.71.dfsg.2-0ubuntu7.1
Distribution: maverick-security
Urgency: low
Maintainer: Ubuntu Developers <ubuntu-devel-discuss at lists.ubuntu.com>
Changed-By: Marc Deslauriers <marc.deslauriers at ubuntu.com>
Description: 
 ghostscript - The GPL Ghostscript PostScript/PDF interpreter
 ghostscript-cups - The GPL Ghostscript PostScript/PDF interpreter - CUPS filters
 ghostscript-doc - The GPL Ghostscript PostScript/PDF interpreter - Documentation
 ghostscript-x - The GPL Ghostscript PostScript/PDF interpreter - X Display suppor
 gs         - Transitional package
 gs-aladdin - Transitional package
 gs-common  - Dummy package depending on ghostscript
 gs-esp     - Transitional package
 gs-esp-x   - Transitional package
 gs-gpl     - Transitional package
 libgs-dev  - The Ghostscript PostScript Library - Development Files
 libgs-esp-dev - Transitional package
 libgs8     - The Ghostscript PostScript/PDF interpreter Library
Original-Maintainer: Masayuki Hatta (mhatta) <mhatta at debian.org>

