[ubuntu/noble-updates] ghostscript 10.02.1~dfsg1-0ubuntu7.4 (Accepted)
Ubuntu Archive Robot
ubuntu-archive-robot at lists.canonical.com
Tue Nov 12 17:58:45 UTC 2024
ghostscript (10.02.1~dfsg1-0ubuntu7.4) noble-security; urgency=medium
* SECURITY UPDATE: incorrect Pattern Implementation type handling
- debian/patches/CVE-2024-46951.patch: check the type of the Pattern
Implementation in psi/zcolor.c.
- CVE-2024-46951
* SECURITY UPDATE: Buffer overflow in PDF XRef stream
- debian/patches/CVE-2024-46952.patch: sanitise W array values in Xref
streams in pdf/pdf_xref.c.
- CVE-2024-46952
* SECURITY UPDATE: output filename overflow
- debian/patches/CVE-2024-46953.patch: check for overflow validating
format string for the output file name in base/gsdevice.c.
- CVE-2024-46953
* SECURITY UPDATE: directory escape via overlong encodings
- debian/patches/CVE-2024-46954.patch: fix decode_utf8 to forbid
overlong encodings in base/gp_utf8.c.
- CVE-2024-46954
* SECURITY UPDATE: Out of bounds read when reading color
- debian/patches/CVE-2024-46955.patch: check Indexed colour space index
in psi/zcolor.c.
- CVE-2024-46955
* SECURITY UPDATE: incorrect buffer length check
- debian/patches/CVE-2024-46956.patch: fix length check in psi/zfile.c.
- CVE-2024-46956
Date: 2024-11-06 18:01:09.958325+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
Signed-By: Ubuntu Archive Robot <ubuntu-archive-robot at lists.canonical.com>
https://launchpad.net/ubuntu/+source/ghostscript/10.02.1~dfsg1-0ubuntu7.4
-------------- next part --------------
Sorry, changesfile not available.
More information about the noble-changes
mailing list