Committer: Bazaar Package Importer
Author(s): Marc Deslauriers
Date: 2010-07-12 12:08:54 UTC
Revision ID: james.westby@ubuntu.com-20100712120854-3ttqtrnu076isodk
Tags: 8.64.dfsg.1-0ubuntu8.1

* SECURITY UPDATE: denial of service and possible code execution via
  buffer overflow in errprintf function
  - debian/patches/CVE-2009-4270.dpatch: use vsnprintf in base/gsmisc.c.
  - CVE-2009-4270
* SECURITY UPDATE: arbitrary code execution via unlimited recursive
  procedure invocations (LP: #546009)
  - debian/patches/CVE-2010-1628.dpatch: only initialize structures if
    all allocations were successful in psi/ialloc.c, psi/idosave.h,
    psi/isave.c.
  - CVE-2010-1628
* SECURITY UPDATE: arbitrary code execution via crafted PostScript file
  (LP: #546009)
  - debian/patches/CVE-2010-1869.dpatch: use correct buffer sizes in
    psi/int.mak, psi/iscan.c, psi/iscan.h.
  - CVE-2010-1869
* SECURITY UPDATE: arbitrary code execution via long names
  - debian/patches/security-long-names.dpatch: check against maximum size
    in psi/iscan.c.
  - No CVE number yet.