Change log for ghostscript package in openKylin
1 → 11 of 11 results | First • Previous • Next • Last |
ghostscript (10.02.1~dfsg1-ok4) nile; urgency=medium * SECURITY UPDATE: stack-based buffer overflow via long PDF filter name - debian/patches/CVE-2024-29506.patch: don't allow PDF files with bad Filters to overflow the debug buffer in pdf/pdf_file.c. - CVE-2024-29506 * SECURITY UPDATE: stack- based buffer overflows - debian/patches/CVE-2024-29507.patch: bounds checks when using CIDFont related params in pdf/pdf_font.c, pdf/pdf_warnings.h. - CVE-2024-29507 * SECURITY UPDATE: heap-based pointer disclosure via constructed BaseFont name - debian/patches/CVE-2024-29508.patch: review printing of pointers in base/gsfont.c, base/gsicc_cache.c, base/gsmalloc.c, base/gxclmem.c, base/gxcpath.c, base/gxpath.c, base/szlibc.c, devices/gdevupd.c, devices/vector/gdevpdtb.c, psi/ialloc.c, psi/igc.c, psi/igcstr.c, psi/iinit.c, psi/imainarg.c, psi/isave.c, psi/iutil.c. - debian/patches/CVE-2024-29508-2.patch: fix compiler warning in optimised build in base/gsicc_cache.c. - debian/patches/CVE-2024- 29508-3.patch: remove extra arguments in devices/gdevupd.c. - CVE-2024-29508 * SECURITY UPDATE: heap-based overflow via PDFPassword with null byte - debian/patches/CVE-2024- 29509.patch: don't use strlen on passwords in pdf/pdf_sec.c. - CVE-2024-29509 * SECURITY UPDATE: directory traversal issue via OCRLanguage - debian/patches/CVE-2024-29511.patch: reject OCRLanguage changes after SAFER enabled in devices/gdevocr.c, devices/gdevpdfocr.c, devices/vector/gdevpdfp.c. - debian/patches/CVE-2024-29511-2.patch: original fix was overly aggressive in devices/gdevocr.c, devices/gdevpdfocr.c, devices/vector/gdevpdf.c, devices/vector/gdevpdfp.c. - CVE-2024- 29511 -- liubo01 <email address hidden> Tue, 05 Nov 2024 11:37:45 +0800
Available diffs
Superseded in nile-proposed |
ghostscript (10.02.1~dfsg1-ok3) nile; urgency=medium * reserve CVE change. -- liubo01 <email address hidden> Tue, 05 Nov 2024 11:29:51 +0800
Available diffs
Published in huanghe-proposed |
Published in huanghe-release |
Superseded in nile-release |
Superseded in nile-proposed |
ghostscript (10.02.1~dfsg1-ok2) nile; urgency=medium * Fix CVE-2024-29510 CVE-2024-33869 CVE-2024-33870 CVE-2024-33871 -- liubo01 <email address hidden> Mon, 08 Jul 2024 17:33:23 +0800
Available diffs
ghostscript (10.02.1~dfsg1-ok1) nile; urgency=medium * Sync upstream version. -- zhouganqing <email address hidden> Fri, 19 Apr 2024 10:21:27 +0800
Available diffs
- diff from 9.50~dfsg-ok5 to 10.02.1~dfsg1-ok1 (16.8 MiB)
- diff from 9.50~dfsg-ok8 to 10.02.1~dfsg1-ok1 (16.8 MiB)
Superseded in nile-proposed |
ghostscript (9.50~dfsg-ok8) nile; urgency=medium * No change rebuild -- CI Bot <email address hidden> Thu, 18 Apr 2024 12:44:06 +0000
Available diffs
- diff from 9.50~dfsg-ok5 to 9.50~dfsg-ok8 (10.1 KiB)
ghostscript (9.50~dfsg-ok6) yangtze; urgency=medium * Update package info. -- zhouganqing <email address hidden> Mon, 04 Sep 2023 17:05:57 +0800
Available diffs
- diff from 9.50~dfsg-ok4 to 9.50~dfsg-ok6 (9.2 KiB)
- diff from 9.50~dfsg-ok5 to 9.50~dfsg-ok6 (4.5 KiB)
ghostscript (9.50~dfsg-ok5) yangtze; urgency=medium * CVE问题修复: - CVE-2023-28879 - CVE-2020-16289 - CVE-2023-36664 - CVE-2020-16295 - CVE-2020-16292 - CVE-2020-16293 - CVE-2020-16296 - CVE-2020-16294 - CVE-2020-16301 - CVE-2020-16300 -- jiangdingyuan <email address hidden> Wed, 02 Aug 2023 10:19:20 +0800
Available diffs
- diff from 9.50~dfsg-ok4 to 9.50~dfsg-ok5 (5.5 KiB)
ghostscript (9.50~dfsg-ok4) yangtze; urgency=medium * another-lin CVE-2020-16288 安全更新:修复缓冲区错误的漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等. -- zhonglinliang <email address hidden> Fri, 24 Mar 2023 15:32:33 +0800
Available diffs
Superseded in yangtze-proposed |
ghostscript (9.50~dfsg-ok3) yangtze; urgency=medium * uivnsd CVE-2020-16287 安全更新:Artifex Software Ghostscript存在缓冲区错误漏洞. -- heguanli <email address hidden> Wed, 15 Mar 2023 21:56:17 +0800
Available diffs
- diff from 9.50~dfsg-ok2 to 9.50~dfsg-ok3 (1.3 KiB)
Superseded in yangtze-proposed |
ghostscript (9.50~dfsg-ok2) yangtze; urgency=medium * TaciturnZ CVE-2020-15900 安全更新:Artifex Software Ghostscript 9.50版本和9.52版本中存在数字错误漏洞。攻击者可利用该漏洞关闭沙盒保护. -- wengz <email address hidden> Tue, 14 Mar 2023 15:42:43 +0800
Available diffs
Superseded in yangtze-release |
ghostscript (9.50~dfsg-ok1) yangtze; urgency=medium * Build for openKylin. -- openKylinBot <email address hidden> Mon, 25 Apr 2022 22:03:04 +0800
1 → 11 of 11 results | First • Previous • Next • Last |