ghostscript (9.55.0~dfsg1-0ubuntu5.10) jammy-security; urgency=medium
* SECURITY UPDATE: incorrect Pattern Implementation type handling
- debian/patches/CVE-2024-46951.patch: check the type of the Pattern
Implementation in psi/zcolor.c.
- CVE-2024-46951
* SECURITY UPDATE: Buffer overflow in PDF XRef stream
- debian/patches/CVE-2024-46952.patch: sanitise W array values in Xref
streams in pdf/pdf_xref.c.
- CVE-2024-46952
* SECURITY UPDATE: output filename overflow
- debian/patches/CVE-2024-46953.patch: check for overflow validating
format string for the output file name in base/gsdevice.c.
- CVE-2024-46953
* SECURITY UPDATE: Out of bounds read when reading color
- debian/patches/CVE-2024-46955.patch: check Indexed colour space index
in psi/zcolor.c.
- CVE-2024-46955
* SECURITY UPDATE: incorrect buffer length check
- debian/patches/CVE-2024-46956.patch: fix length check in psi/zfile.c.
- CVE-2024-46956
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 06 Nov 2024 11:57:58 -0500
ghostscript (9.55.0~dfsg1-0ubuntu5.9) jammy-security; urgency=medium
* SECURITY UPDATE: stack-based buffer overflow via long PDF filter name
- debian/patches/CVE-2024-29506.patch: don't allow PDF files with bad
Filters to overflow the debug buffer in pdf/pdf_file.c.
- CVE-2024-29506
* SECURITY UPDATE: heap-based pointer disclosure via constructed BaseFont
name
- debian/patches/CVE-2024-29508.patch: review printing of pointers in
base/gsfont.c, base/gsicc_cache.c, base/gsmalloc.c, base/gxclmem.c,
base/gxcpath.c, base/gxpath.c, base/szlibc.c, devices/gdevupd.c,
devices/vector/gdevpdtb.c, psi/ialloc.c, psi/igc.c, psi/igcstr.c,
psi/iinit.c, psi/imainarg.c, psi/isave.c, psi/iutil.c.
- debian/patches/CVE-2024-29508-2.patch: remove extra arguments in
devices/gdevupd.c.
- CVE-2024-29508
* SECURITY UPDATE: heap-based overflow via PDFPassword with null byte
- debian/patches/CVE-2024-29509.patch: don't use strlen on passwords in
pdf/pdf_sec.c.
- CVE-2024-29509
* SECURITY UPDATE: directory traversal issue via OCRLanguage
- debian/patches/CVE-2024-29511.patch: reject OCRLanguage changes after
SAFER enabled in devices/gdevocr.c, devices/gdevpdfocr.c,
devices/vector/gdevpdfp.c.
- debian/patches/CVE-2024-29511-2.patch: original fix was overly
aggressive in devices/gdevocr.c, devices/gdevpdfocr.c,
devices/vector/gdevpdf.c, devices/vector/gdevpdfp.c.
- debian/libgs9.symbols: mark some symbols as optional.
- CVE-2024-29511
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 11 Jul 2024 12:07:09 -0400
ghostscript (9.55.0~dfsg1-0ubuntu5.7) jammy-security; urgency=medium
* SECURITY UPDATE: Policy bypass via improperly checked eexec seed
- debian/patches/CVE-2023-52722.patch: Prevent eexec seeds other than
Type 1 standard when SAFER mode is used in zmisc1.c.
- CVE-2023-52722
* SECURITY UPDATE: Arbitrary code execution via uniprint device
- debian/patches/CVE-2024-29510.patch: Prevent changes to uniprint device
argument strings after SAFER is activated in gdevupd.c.
- CVE-2024-29510
* SECURITY UPDATE: Path traversal and arbitrary code execution via improperly
checked path arguments
- debian/patches/CVE-2024-33869-part1.patch: Check that a current working
directory specifier is valid before stripping it from gpmisc.c.
- debian/patches/CVE-2024-33869-part2.patch: Check that a current working
directory specifier is valid before stripping it from gpmisc.c.
- CVE-2024-33869
* SECURITY UPDATE: Path traversal via improperly checked path arguments
- debian/patches/CVE-2024-33870.patch: Add a check for parent directory
prefixes when handling relative paths in gpmisc.c.
- CVE-2024-33870
* SECURITY UPDATE: Arbitrary code execution via custom driver library
- debian/patches/CVE-2024-33871.patch: Prevent changes to parameter that
specifies the names of dynamic libraries to be loaded by the opvp/oprp
device in gdevopvp.c
- CVE-2024-33871
-- Chris Kim <chris.kim@canonical.com> Mon, 03 Jun 2024 21:54:57 -0700
ghostscript (9.55.0~dfsg1-0ubuntu5.6) jammy-security; urgency=medium
* SECURITY UPDATE: DoS via dangling pointer
- debian/patches/CVE-2023-46751.patch: fix tiffsep(1) requirement for
seekable output files in base/gdevprn.c, devices/gdevtsep.c.
- CVE-2023-46751
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 11 Dec 2023 14:25:45 -0500
ghostscript (9.55.0~dfsg1-0ubuntu5.5) jammy-security; urgency=medium
* SECURITY UPDATE: code execution via PS documents and IJS device
- debian/patches/CVE-2023-43115.patch: prevent PostScript programs
switching to the IJS device after SAFER has been activated in
devices/gdevijs.c.
- CVE-2023-43115
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Thu, 12 Oct 2023 09:02:58 -0400
ghostscript (9.55.0~dfsg1-0ubuntu5.4) jammy-security; urgency=medium
* SECURITY UPDATE: buffer overflow
- debian/patches/CVE-2023-38559.patch: bounds check the buffer prior to
deferencing the pointer in devn_pcx_write_rle() in base/gdevdevn.c.
- CVE-2023-38559
-- Allen Huang <allen.huang@canonical.com> Tue, 15 Aug 2023 11:40:49 +0100
ghostscript (9.55.0~dfsg1-0ubuntu5.3) jammy-security; urgency=medium
* SECURITY UPDATE: incorrect permission validation for pipe devices
- debian/patches/CVE-2023-36664-1.patch: don't reduce pipe file names
for permission validation in base/gpmisc.c, base/gslibctx.c.
- debian/patches/CVE-2023-36664-2.patch: fix logic and add extra test
in base/gpmisc.c, base/gslibctx.c.
- CVE-2023-36664
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Wed, 05 Jul 2023 12:49:52 -0400
ghostscript (9.55.0~dfsg1-0ubuntu5.2) jammy-security; urgency=medium
* SECURITY UPDATE: Buffer Overflow
- debian/patches/CVE-2023-28879.patch: add check to make sure that the
buffer has space for two characters in s_xBCPE_process() in base/sbcp.c.
- CVE-2023-28879
-- Rodrigo Figueiredo Zaiden <rodrigo.zaiden@canonical.com> Thu, 13 Apr 2023 11:15:40 -0300
ghostscript (9.55.0~dfsg1-0ubuntu5.1) jammy-security; urgency=medium
* SECURITY UPDATE: NULL pointer dereference issue
- debian/patches/CVE-2022-2085.patch: add init_device_procs entry for
mem_x_device in base/gdevmx.c.
- CVE-2022-2085
-- Marc Deslauriers <marc.deslauriers@ubuntu.com> Mon, 26 Sep 2022 10:05:05 -0400
ghostscript (9.55.0~dfsg1-0ubuntu5) jammy; urgency=medium
* No-change rebuild for ppc64el baseline bump.
-- Ćukasz 'sil2100' Zemczak <lukasz.zemczak@ubuntu.com> Wed, 23 Mar 2022 14:54:34 +0100
# For older changelog entries, run 'apt-get changelog libgs9'
Generated by dwww version 1.14 on Wed Jan 22 13:54:57 CET 2025.