From owner-cvs-ports@FreeBSD.ORG  Mon Apr 20 08:08:50 2009
Return-Path: <owner-cvs-ports@FreeBSD.ORG>
Delivered-To: cvs-ports@FreeBSD.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 8A2621065670;
	Mon, 20 Apr 2009 08:08:50 +0000 (UTC) (envelope-from hrs@FreeBSD.org)
Received: from repoman.freebsd.org (repoman.freebsd.org
	[IPv6:2001:4f8:fff6::29])
	by mx1.freebsd.org (Postfix) with ESMTP id 791638FC15;
	Mon, 20 Apr 2009 08:08:50 +0000 (UTC) (envelope-from hrs@FreeBSD.org)
Received: from repoman.freebsd.org (localhost [127.0.0.1])
	by repoman.freebsd.org (8.14.3/8.14.3) with ESMTP id n3K88oDY093952;
	Mon, 20 Apr 2009 08:08:50 GMT (envelope-from hrs@repoman.freebsd.org)
Received: (from hrs@localhost)
	by repoman.freebsd.org (8.14.3/8.14.3/Submit) id n3K88oQN093951;
	Mon, 20 Apr 2009 08:08:50 GMT (envelope-from hrs)
Message-Id: <200904200808.n3K88oQN093951@repoman.freebsd.org>
From: Hiroki Sato <hrs@FreeBSD.org>
Date: Mon, 20 Apr 2009 08:08:50 +0000 (UTC)
To: ports-committers@FreeBSD.org, cvs-ports@FreeBSD.org, cvs-all@FreeBSD.org
X-FreeBSD-CVS-Branch: HEAD
Cc: 
Subject: cvs commit: ports/print/ghostscript8 Makefile
 ports/print/ghostscript8/files patch-CVE-2009-0583,0584
X-BeenThere: cvs-ports@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: CVS commit messages for the ports tree <cvs-ports.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/cvs-ports>
List-Post: <mailto:cvs-ports@freebsd.org>
List-Help: <mailto:cvs-ports-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/cvs-ports>,
	<mailto:cvs-ports-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 20 Apr 2009 08:08:50 -0000

hrs         2009-04-20 08:08:50 UTC

  FreeBSD ports repository

  Modified files:
    print/ghostscript8   Makefile 
  Added files:
    print/ghostscript8/files patch-CVE-2009-0583,0584 
  Log:
  Fix multiple integer overflows and lack of boundary check found
  and marked as CVE-2009-583 and CVE-2009-584:
  
  CVE-2009-583:
  
    Multiple integer overflows in icc.c in the International Color
    Consortium (ICC) Format library (aka icclib), as used in
    Ghostscript 8.64 and earlier and Argyll Color Management
    System (CMS) 1.0.3 and earlier, allow context-dependent
    attackers to cause a denial of service (heap-based buffer
    overflow and application crash) or possibly execute arbitrary
    code by using a device file for a translation request that
    operates on a crafted image file and targets a certain "native
    color space," related to an ICC profile in a (1) PostScript
    or (2) PDF file with embedded images.
  
  CVE-2009-584:
  
    icc.c in the International Color Consortium (ICC) Format
    library (aka icclib), as used in Ghostscript 8.64 and earlier
    and Argyll Color Management System (CMS) 1.0.3 and earlier,
    allows context-dependent attackers to cause a denial of
    service (application crash) or possibly execute arbitrary code
    by using a device file for processing a crafted image file
    associated with large integer values for certain sizes, related
    to an ICC profile in a (1) PostScript or (2) PDF file with
    embedded images.
  
  Security:       CVE-2009-583
  Security:       CVE-2009-584
  Approved by:    portmgr (pav)
  
  Revision  Changes    Path
  1.180     +1 -1      ports/print/ghostscript8/Makefile
  1.1       +989 -0    ports/print/ghostscript8/files/patch-CVE-2009-0583,0584 (new)