Change logs for ghostscript source package in Nile V2.0

  • ghostscript (10.02.1~dfsg1-ok4) nile; urgency=medium
    
      * SECURITY UPDATE: stack-based buffer overflow via long PDF filter name
        - debian/patches/CVE-2024-29506.patch: don't allow PDF files with bad
          Filters to overflow the debug buffer in pdf/pdf_file.c.
        - CVE-2024-29506
      * SECURITY UPDATE: stack-based buffer overflows
        - debian/patches/CVE-2024-29507.patch: bounds checks when using CIDFont
          related params in pdf/pdf_font.c, pdf/pdf_warnings.h.
        - CVE-2024-29507
      * SECURITY UPDATE: heap-based pointer disclosure via constructed BaseFont
        name
        - debian/patches/CVE-2024-29508.patch: review printing of pointers in
          base/gsfont.c, base/gsicc_cache.c, base/gsmalloc.c, base/gxclmem.c,
          base/gxcpath.c, base/gxpath.c, base/szlibc.c, devices/gdevupd.c,
          devices/vector/gdevpdtb.c, psi/ialloc.c, psi/igc.c, psi/igcstr.c,
          psi/iinit.c, psi/imainarg.c, psi/isave.c, psi/iutil.c.
        - debian/patches/CVE-2024-29508-2.patch: fix compiler warning in
          optimised build in base/gsicc_cache.c.
        - debian/patches/CVE-2024-29508-3.patch: remove extra arguments in
          devices/gdevupd.c.
        - CVE-2024-29508
      * SECURITY UPDATE: heap-based overflow via PDFPassword with null byte
        - debian/patches/CVE-2024-29509.patch: don't use strlen on passwords in
          pdf/pdf_sec.c.
        - CVE-2024-29509
      * SECURITY UPDATE: directory traversal issue via OCRLanguage
        - debian/patches/CVE-2024-29511.patch: reject OCRLanguage changes after
          SAFER enabled in devices/gdevocr.c, devices/gdevpdfocr.c,
          devices/vector/gdevpdfp.c.
        - debian/patches/CVE-2024-29511-2.patch: original fix was overly
          aggressive in devices/gdevocr.c, devices/gdevpdfocr.c,
          devices/vector/gdevpdf.c, devices/vector/gdevpdfp.c.
        - CVE-2024-29511
    
     -- liubo01 <email address hidden>  Tue, 05 Nov 2024 11:37:45 +0800
  • ghostscript (10.02.1~dfsg1-ok3) nile; urgency=medium
    
      * reserve CVE change.
    
     -- liubo01 <email address hidden>  Tue, 05 Nov 2024 11:29:51 +0800
  • ghostscript (10.02.1~dfsg1-ok2) nile; urgency=medium
    
      * Fix CVE-2024-29510 CVE-2024-33869 CVE-2024-33870 CVE-2024-33871
    
     -- liubo01 <email address hidden>  Mon, 08 Jul 2024 17:33:23 +0800
  • ghostscript (10.02.1~dfsg1-ok1) nile; urgency=medium
    
      * Sync upstream version.
    
     -- zhouganqing <email address hidden>  Fri, 19 Apr 2024 10:21:27 +0800
  • ghostscript (9.50~dfsg-ok8) nile; urgency=medium
    
      * No change rebuild
    
     -- CI Bot <email address hidden>  Thu, 18 Apr 2024 12:44:06 +0000
  • ghostscript (9.50~dfsg-ok5) yangtze; urgency=medium
    
      * CVE fixes:
        - CVE-2023-28879
        - CVE-2020-16289
        - CVE-2023-36664
        - CVE-2020-16295
        - CVE-2020-16292
        - CVE-2020-16293
        - CVE-2020-16296
        - CVE-2020-16294
        - CVE-2020-16301
        - CVE-2020-16300
    
     -- jiangdingyuan <email address hidden>  Wed, 02 Aug 2023 10:19:20 +0800
  • ghostscript (9.50~dfsg-ok4) yangtze; urgency=medium
    
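      * another-lin CVE-2020-16288 security update: fix a buffer error vulnerability. The vulnerability arises because a network system or product, when performing operations on memory, does not correctly validate data boundaries, causing incorrect read and write operations to be performed on other associated memory locations. An attacker can exploit this vulnerability to cause a buffer overflow, heap overflow, and so on.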
    
     -- zhonglinliang <email address hidden>  Fri, 24 Mar 2023 15:32:33 +0800