Package: ghostscript
Version: 8.64~dfsg-1
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for ghostscript.

CVE-2009-0584[0]:
| icc.c in the International Color Consortium (ICC) Format library (aka
| icclib), as used in Ghostscript 8.64 and earlier and Argyll Color
| Management System (CMS) 1.0.3 and earlier, allows context-dependent
| attackers to cause a denial of service (application crash) or possibly
| execute arbitrary code by using a device file for processing a crafted
| image file associated with large integer values for certain sizes,
| related to an ICC profile in a (1) PostScript or (2) PDF file with
| embedded images.

CVE-2009-0583[1]:
| Multiple integer overflows in icc.c in the International Color
| Consortium (ICC) Format library (aka icclib), as used in Ghostscript
| 8.64 and earlier and Argyll Color Management System (CMS) 1.0.3 and
| earlier, allow context-dependent attackers to cause a denial of
| service (heap-based buffer overflow and application crash) or possibly
| execute arbitrary code by using a device file for a translation
| request that operates on a crafted image file and targets a certain
| "native color space," related to an ICC profile in a (1) PostScript or
| (2) PDF file with embedded images.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

We already have fixed packages for stable/oldstable, the patches in
there probably apply for the unstable version as well.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0584
    http://security-tracker.debian.net/tracker/CVE-2009-0584
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0583
    http://security-tracker.debian.net/tracker/CVE-2009-0583

-- 
Nico Golde - http://www.ngolde.de - n...@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
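Added example, not part of the original report and not icclib's code: a C sketch of the bug class the CVE text describes, where a large 32-bit size value read from an ICC profile wraps during multiplication, next to a bounds check that cannot wrap. The function names are hypothetical and the sample profile is constructed; the layout assumed is the standard ICC one (128-byte header, 4-byte tag count, 12-byte tag entries), and the report does not say which size fields icc.c mishandled.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define ICC_HEADER_LEN 128u /* fixed ICC profile header size */
#define ICC_TAG_ENTRY 12u   /* signature, offset, size: 4 bytes each */
/* ICC profiles store integers big-endian. */
static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Unchecked: the 32-bit multiply wraps, so a huge count gives a tiny size. */
static uint32_t table_bytes_unchecked(uint32_t count) {
    return count * ICC_TAG_ENTRY;
}

/* Checked: 0 and *out set on success, -1 if the table or any tag lies outside len. */
static int table_bytes_checked(const unsigned char *prof, size_t len, size_t *out) {
    if (len < ICC_HEADER_LEN + 4u) return -1;
    uint32_t count = be32(prof + ICC_HEADER_LEN);
    if (count > (len - ICC_HEADER_LEN - 4u) / ICC_TAG_ENTRY)
        return -1; /* compare by division: nothing here can wrap */
    const unsigned char *e = prof + ICC_HEADER_LEN + 4u;
    for (uint32_t i = 0; i < count; i++, e += ICC_TAG_ENTRY) {
        uint32_t off = be32(e + 4), size = be32(e + 8);
        if (off > len || size > len - off) /* avoids computing off + size */
            return -1;
    }
    *out = (size_t)count * ICC_TAG_ENTRY;
    return 0;
}

/* Constructed sample: zeroed header, tag count, room for `entries` entries. */
static unsigned char *make_profile(uint32_t count, size_t entries, size_t *len) {
    *len = ICC_HEADER_LEN + 4u + entries * ICC_TAG_ENTRY;
    unsigned char *p = calloc(1, *len);
    for (int i = 0; p && i < 4; i++)
        p[ICC_HEADER_LEN + i] = (unsigned char)(count >> (24 - 8 * i));
    return p;
}

int main(void) {
    size_t len, out = 0;
    unsigned char *p = make_profile(0x15555556u, 2, &len);
    if (!p) return 1;
    printf("%u %d\n", (unsigned)table_bytes_unchecked(0x15555556u), table_bytes_checked(p, len, &out));
    free(p);
    return 0;
}
```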