[ubuntu/precise-security] ghostscript 9.05~dfsg-0ubuntu4.5 (Accepted)
Steve Beattie
sbeattie at ubuntu.com
Fri Apr 28 05:11:59 UTC 2017
ghostscript (9.05~dfsg-0ubuntu4.5) precise-security; urgency=medium
* SECURITY UPDATE: invalid handling of parameters to .eqproc and
.rsdparams allowed disabling -dSAFER and thus code execution
- debian/patches/CVE-2017-8291-1.patch: check .eqproc parameters
- debian/patches/CVE-2017-8291-2.patch: check .rsdparams parameters
- CVE-2017-8291
* SECURITY UPDATE: use-after-free in color management module.
- CVE-2016-10217.patch: Don't create new ctx when pdf14 device
reenabled
- CVE-2016-10217
* SECURITY UPDATE: divide-by-zero error denial of service in
base/gxfill.c
- CVE-2016-10219.patch: check for 0 in denominator
- CVE-2016-10219
* SECURITY UPDATE: null pointer dereference denial of service
- CVE-2016-10220.patch: initialize device data structure correctly
- CVE-2016-10220
* SECURITY UPDATE: null pointer dereference denial of service
- CVE-2017-5951.patch: use the correct param list enumerator
- CVE-2017-5951
* SECURITY UPDATE: null pointer dereference denial of service
- CVE-2017-7207.patch: ensure a device has raster memory, before
trying to read it
- CVE-2017-7207
Date: 2017-04-28 02:24:48.564622+00:00
Changed-By: Steve Beattie <sbeattie at ubuntu.com>
https://launchpad.net/ubuntu/+source/ghostscript/9.05~dfsg-0ubuntu4.5
-------------- next part --------------
Sorry, changesfile not available.
More information about the Precise-changes
mailing list