Date: Mon, 20 Apr 2009 08:08:50 +0000 (UTC)
From: Hiroki Sato <hrs@FreeBSD.org>
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: ports/print/ghostscript8 Makefile ports/print/ghostscript8/files patch-CVE-2009-0583,0584
Message-ID: <200904200808.n3K88oQN093951@repoman.freebsd.org>

hrs 2009-04-20 08:08:50 UTC
FreeBSD ports repository

Modified files:
  print/ghostscript8        Makefile
Added files:
  print/ghostscript8/files  patch-CVE-2009-0583,0584
Log:
  Fix multiple integer overflows and lack of boundary check found
  and marked as CVE-2009-583 and CVE-2009-584:

  CVE-2009-583:
    Multiple integer overflows in icc.c in the International Color
    Consortium (ICC) Format library (aka icclib), as used in
    Ghostscript 8.64 and earlier and Argyll Color Management
    System (CMS) 1.0.3 and earlier, allow context-dependent
    attackers to cause a denial of service (heap-based buffer
    overflow and application crash) or possibly execute arbitrary
    code by using a device file for a translation request that
    operates on a crafted image file and targets a certain "native
    color space," related to an ICC profile in a (1) PostScript
    or (2) PDF file with embedded images.

  CVE-2009-584:
    icc.c in the International Color Consortium (ICC) Format
    library (aka icclib), as used in Ghostscript 8.64 and earlier
    and Argyll Color Management System (CMS) 1.0.3 and earlier,
    allows context-dependent attackers to cause a denial of
    service (application crash) or possibly execute arbitrary code
    by using a device file for processing a crafted image file
    associated with large integer values for certain sizes, related
    to an ICC profile in a (1) PostScript or (2) PDF file with
    embedded images.

  Security: CVE-2009-583
  Security: CVE-2009-584
  Approved by: portmgr (pav)

Revision  Changes    Path
1.180     +1 -1      ports/print/ghostscript8/Makefile
1.1       +989 -0    ports/print/ghostscript8/files/patch-CVE-2009-0583,0584 (new)
