Change log for ghostscript package in openKylin

111 of 11 results
Published in nile-release
Published in nile-proposed
ghostscript (10.02.1~dfsg1-ok4) nile; urgency=medium

  * SECURITY UPDATE: stack-based buffer overflow via long PDF filter
    name     - debian/patches/CVE-2024-29506.patch: don't allow PDF
    files with bad       Filters to overflow the debug buffer in
    pdf/pdf_file.c.     - CVE-2024-29506   * SECURITY UPDATE: stack-
    based buffer overflows     - debian/patches/CVE-2024-29507.patch:
    bounds checks when using CIDFont       related params in
    pdf/pdf_font.c, pdf/pdf_warnings.h.     - CVE-2024-29507   *
    SECURITY UPDATE: heap-based pointer disclosure via constructed
    BaseFont     name     - debian/patches/CVE-2024-29508.patch: review
    printing of pointers in       base/gsfont.c, base/gsicc_cache.c,
    base/gsmalloc.c, base/gxclmem.c,       base/gxcpath.c,
    base/gxpath.c, base/szlibc.c, devices/gdevupd.c,
    devices/vector/gdevpdtb.c, psi/ialloc.c, psi/igc.c, psi/igcstr.c,
    psi/iinit.c, psi/imainarg.c, psi/isave.c, psi/iutil.c.     -
    debian/patches/CVE-2024-29508-2.patch: fix compiler warning in
    optimised build in base/gsicc_cache.c.     - debian/patches/CVE-2024-
    29508-3.patch: remove extra arguments in       devices/gdevupd.c.
    - CVE-2024-29508   * SECURITY UPDATE: heap-based overflow via
    PDFPassword with null byte     - debian/patches/CVE-2024-
    29509.patch: don't use strlen on passwords in       pdf/pdf_sec.c.
    - CVE-2024-29509   * SECURITY UPDATE: directory traversal issue via
    OCRLanguage     - debian/patches/CVE-2024-29511.patch: reject
    OCRLanguage changes after       SAFER enabled in devices/gdevocr.c,
    devices/gdevpdfocr.c,       devices/vector/gdevpdfp.c.     -
    debian/patches/CVE-2024-29511-2.patch: original fix was overly
    aggressive in devices/gdevocr.c, devices/gdevpdfocr.c,
    devices/vector/gdevpdf.c, devices/vector/gdevpdfp.c.     - CVE-2024-
    29511

 -- liubo01 <email address hidden>  Tue, 05 Nov 2024 11:37:45 +0800
Superseded in nile-proposed
ghostscript (10.02.1~dfsg1-ok3) nile; urgency=medium

  * reserve CVE change.

 -- liubo01 <email address hidden>  Tue, 05 Nov 2024 11:29:51 +0800
Published in huanghe-proposed
Published in huanghe-release
Superseded in nile-release
Superseded in nile-proposed
ghostscript (10.02.1~dfsg1-ok2) nile; urgency=medium

  * Fix CVE-2024-29510 CVE-2024-33869 CVE-2024-33870 CVE-2024-33871

 -- liubo01 <email address hidden>  Mon, 08 Jul 2024 17:33:23 +0800
Superseded in nile-release
Superseded in nile-proposed
ghostscript (10.02.1~dfsg1-ok1) nile; urgency=medium

  * Sync upstream version.

 -- zhouganqing <email address hidden>  Fri, 19 Apr 2024 10:21:27 +0800
Superseded in nile-proposed
ghostscript (9.50~dfsg-ok8) nile; urgency=medium

  * No change rebuild

 -- CI Bot <email address hidden>  Thu, 18 Apr 2024 12:44:06 +0000

Available diffs

Published in yangtze-release
Published in yangtze-proposed
ghostscript (9.50~dfsg-ok6) yangtze; urgency=medium

  * Update package info.

 -- zhouganqing <email address hidden>  Mon, 04 Sep 2023 17:05:57 +0800
Superseded in nile-release
Superseded in nile-proposed
Superseded in yangtze-proposed
ghostscript (9.50~dfsg-ok5) yangtze; urgency=medium

  * CVE问题修复:
    - CVE-2023-28879
    - CVE-2020-16289
    - CVE-2023-36664
    - CVE-2020-16295
    - CVE-2020-16292
    - CVE-2020-16293
    - CVE-2020-16296
    - CVE-2020-16294
    - CVE-2020-16301
    - CVE-2020-16300

 -- jiangdingyuan <email address hidden>  Wed, 02 Aug 2023 10:19:20 +0800

Available diffs

Superseded in nile-release
Superseded in yangtze-release
Superseded in yangtze-proposed
ghostscript (9.50~dfsg-ok4) yangtze; urgency=medium

  * another-lin CVE-2020-16288 安全更新:修复缓冲区错误的漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等.

 -- zhonglinliang <email address hidden>  Fri, 24 Mar 2023 15:32:33 +0800
Superseded in yangtze-proposed
ghostscript (9.50~dfsg-ok3) yangtze; urgency=medium

  * uivnsd CVE-2020-16287 安全更新:Artifex Software Ghostscript存在缓冲区错误漏洞.

 -- heguanli <email address hidden>  Wed, 15 Mar 2023 21:56:17 +0800

Available diffs

Superseded in yangtze-proposed
ghostscript (9.50~dfsg-ok2) yangtze; urgency=medium

  * TaciturnZ CVE-2020-15900 安全更新:Artifex Software Ghostscript 9.50版本和9.52版本中存在数字错误漏洞。攻击者可利用该漏洞关闭沙盒保护.

 -- wengz <email address hidden>  Tue, 14 Mar 2023 15:42:43 +0800
Superseded in yangtze-release
ghostscript (9.50~dfsg-ok1) yangtze; urgency=medium

  * Build for openKylin.

 -- openKylinBot <email address hidden>  Mon, 25 Apr 2022 22:03:04 +0800
111 of 11 results