[ubuntu/xenial-security] ghostscript 9.26~dfsg+0-0ubuntu0.16.04.14 (Accepted)

Marc Deslauriers marc.deslauriers at canonical.com
Thu Jan 7 14:04:41 UTC 2021


ghostscript (9.26~dfsg+0-0ubuntu0.16.04.14) xenial-security; urgency=medium

  * SECURITY UPDATE: integer overflow in opj_t1_encode_cblks
    - debian/patches/CVE-2018-5727.patch: fix UBSAN signed integer overflow
      in openjpeg/src/lib/openjp2/t1.c.
    - CVE-2018-5727
  * SECURITY UPDATE: heap overflow in opj_t1_clbl_decode_processor
    - debian/patches/CVE-2020-6851.patch: reject images whose
      coordinates are beyond INT_MAX in openjpeg/src/lib/openjp2/j2k.c.
    - CVE-2020-6851
  * SECURITY UPDATE: another heap overflow in opj_t1_clbl_decode_processor
    - debian/patches/CVE-2020-8112.patch: avoid integer overflow in
      openjpeg/src/lib/openjp2/tcd.c.
    - CVE-2020-8112
  * SECURITY UPDATE: heap-buffer-overflow
    - debian/patches/CVE-2020-27814-1.patch: grow buffer size in
      openjpeg/src/lib/openjp2/tcd.c.
    - debian/patches/CVE-2020-27814-2.patch: grow it again
    - debian/patches/CVE-2020-27814-3.patch: and some more
    - debian/patches/CVE-2020-27814-4.patch: bigger, BIGGER!!!
    - CVE-2020-27814
  * SECURITY UPDATE: global-buffer-overflow
    - debian/patches/CVE-2020-27824.patch: avoid global buffer overflow on
      irreversible conversion when too many decomposition levels are
      specified in openjpeg/src/lib/openjp2/dwt.c.
    - CVE-2020-27824
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-27841.patch: add extra checks to
      openjpeg/src/lib/openjp2/pi.c, openjpeg/src/lib/openjp2/pi.h,
      openjpeg/src/lib/openjp2/t2.c.
    - CVE-2020-27841
  * SECURITY UPDATE: null pointer dereference
    - debian/patches/CVE-2020-27842.patch: add check to
      openjpeg/src/lib/openjp2/t2.c.
    - CVE-2020-27842
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-27843.patch: add check to
      openjpeg/src/lib/openjp2/t2.c.
    - CVE-2020-27843
  * SECURITY UPDATE: out-of-bounds read
    - debian/patches/CVE-2020-27845.patch: add extra checks to
      openjpeg/src/lib/openjp2/pi.c.
    - CVE-2020-27845

Date: 2021-01-06 19:16:12.891322+00:00
Changed-By: Marc Deslauriers <marc.deslauriers at canonical.com>
https://launchpad.net/ubuntu/+source/ghostscript/9.26~dfsg+0-0ubuntu0.16.04.14