~ubuntu-branches/ubuntu/lucid/ghostscript/lucid-updates

Viewing changes to debian/patches/00list

  • Committer: Package Import Robot
  • Author(s): Marc Deslauriers
  • Date: 2015-01-22 13:09:28 UTC
  • Revision ID: package-import@ubuntu.com-20150122130928-xatzfph16hrp2bof
Tags: 8.71.dfsg.1-0ubuntu5.7
* SECURITY UPDATE: denial of service via crafted ICC color profile
  - debian/patches/CVE-2014-8137.dpatch: prevent double-free in
    jasper/src/libjasper/base/jas_icc.c, remove assert in
    jasper/src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8137
* SECURITY UPDATE: denial of service or code execution via invalid
  channel number
  - debian/patches/CVE-2014-8138.dpatch: validate channel number in
    jasper/src/libjasper/jp2/jp2_dec.c.
  - CVE-2014-8138
* SECURITY UPDATE: denial of service or code execution via off-by-one
  - debian/patches/CVE-2014-8157.dpatch: fix off-by-one in
    jasper/src/libjasper/jpc/jpc_dec.c.
  - CVE-2014-8157
* SECURITY UPDATE: denial of service or code execution via memory
  corruption
  - debian/patches/CVE-2014-8158.dpatch: remove HAVE_VLA to use more
    sensible buffer sizes in jasper/src/libjasper/jpc/jpc_qmfb.c.
  - CVE-2014-8158

14
14
CVE-2011-451x
15
15
CVE-2012-4405
16
16
CVE-2014-9029
 
17
CVE-2014-8137
 
18
CVE-2014-8138
 
19
CVE-2014-8157
 
20
CVE-2014-8158
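
Review bot: The entries added at new lines 17 and 18 put CVE-2014-8137 ahead of CVE-2014-8138, and the commit message says both patches modify jasper/src/libjasper/jp2/jp2_dec.c, so their relative order in 00list matters. Confirm that CVE-2014-8138.dpatch was generated against a tree with CVE-2014-8137 already applied, and that the full series applies without fuzz in the listed order and unapplies cleanly in reverse. If the two were prepared independently, the second can fail to apply or land at the wrong offset in jp2_dec.c.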