Univention Bugzilla – Bug 44569
ghostscript: Multiple issues (4.2)
Last modified: 2017-06-28 15:33:34 CEST
Upstream Debian package version 9.06~dfsg-2+deb8u5 fixes these issues:
* Application crash with division by 0 in scan conversion code triggered through crafted content (CVE-2016-10219)
* Application crash with a segfault in gx_device_finalize() triggered through crafted content (CVE-2016-10220)
* Application crash with a segfault in ref_stack_index() triggered through crafted content (CVE-2017-5951)
* Remote denial of service (NULL pointer dereference) via a crafted PostScript document (CVE-2017-7207)
* Possible execution of arbitrary code or denial of service if a specially crafted Postscript file is processed (CVE-2017-8291)
QA: piuparts -D debian --keep-sources-list -b /var/univention/buildsystem2/pbuilder/ucs_4.2-0-errata4.2-0_amd64.tgz -d --bindmount=/var/univention/buildsystem2/apt/ucs_4.2-0-errata4.2-0 /var/univention/buildsystem2/apt/ucs_4.2-0-errata4.2-0/amd64/ghostscript_9.06~dfsg-2+deb8u5_amd64.deb
* Package imported and built in errata4.2-0
* I've moved and updated the advisory to errata4.2-1
* Advisory content ok
* Package update ok
<http://errata.software-univention.de/ucs/4.2/53.html>