~ubuntu-branches/ubuntu/lucid/ghostscript/lucid-updates

Viewing changes to debian/changelog

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-01-22 13:09:28 UTC
  • Revision ID: package-import@ubuntu.com-20150122130928-xatzfph16hrp2bof
Tags: 8.71.dfsg.1-0ubuntu5.7
* SECURITY UPDATE: denial of service via crafted ICC color profile
  - debian/patches/CVE-2014-8137.dpatch: prevent double-free in
    jasper/src/libjasper/base/jas_icc.c, remove assert in
    jasper/src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8137
* SECURITY UPDATE: denial of service or code execution via invalid
  channel number
  - debian/patches/CVE-2014-8138.dpatch: validate channel number in
    jasper/src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8138
* SECURITY UPDATE: denial of service or code execution via off-by-one
  - debian/patches/CVE-2014-8157.dpatch: fix off-by-one in
    jasper/src/libjasper/jpc/jpc_dec.c.
  - CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
  corruption
  - debian/patches/CVE-2014-8158.dpatch: remove HAVE_VLA to use more
    sensible buffer sizes in jasper/src/libjasper/jpc/jpc_qmfb.c.
  - CVE-2014-8158

 
1
ghostscript (8.71.dfsg.1-0ubuntu5.7) lucid-security; urgency=medium
 
2
 
 
3
  * SECURITY UPDATE: denial of service via crafted ICC color profile
 
4
    - debian/patches/CVE-2014-8137.dpatch: prevent double-free in
 
5
      jasper/src/libjasper/base/jas_icc.c, remove assert in
 
6
      jasper/src/libjasper/jp2/jp2_dec.c.
 
7
    - CVE-2014-8137
 
8
  * SECURITY UPDATE: denial of service or code execution via invalid
 
9
    channel number
 
10
    - debian/patches/CVE-2014-8138.dpatch: validate channel number in
 
11
      jasper/src/libjasper/jp2/jp2_dec.c.
 
12
    - CVE-2014-8138
 
13
  * SECURITY UPDATE: denial of service or code execution via off-by-one
 
14
    - debian/patches/CVE-2014-8157.dpatch: fix off-by-one in
 
15
      jasper/src/libjasper/jpc/jpc_dec.c.
 
16
    - CVE-2014-8157
 
17
  * SECURITY UPDATE: denial of service or code execution via memory
 
18
    corruption
 
19
    - debian/patches/CVE-2014-8158.dpatch: remove HAVE_VLA to use more
 
20
      sensible buffer sizes in jasper/src/libjasper/jpc/jpc_qmfb.c.
 
21
    - CVE-2014-8158
 
22
 
 
23
 -- Marc Deslauriers <marc.deslauriers@ubuntu.com>  Thu, 22 Jan 2015 13:09:28 -0500
 
24
 
1
25
ghostscript (8.71.dfsg.1-0ubuntu5.6) lucid-security; urgency=medium
2
26
 
3
27
  * SECURITY UPDATE: heap overflows via crafted jp2 file
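Review bot: In the CVE-2014-8137 item, "remove assert in jasper/src/libjasper/jp2/jp2_dec.c" does not say what handles the condition once the assert is gone. The entry should name the runtime check or error path that replaces it, so a reader can tell the crafted input is rejected rather than simply no longer aborting. The CVE-2014-8157 item also gives only "via off-by-one" as the cause, while the other three entries name the input or the mechanism; state what input reaches the off-by-one in jpc_dec.c.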