Fix in 8.61.dfsg.1~svn8187-1.1
** Changed in: ghostscript (Ubuntu Hardy)
Status: Confirmed => Fix Released
--
internal jasper should be patched for CVE-2007-2721
https://bugs.launchpad.net/bugs/153765
You received this bug notification because you are a member of Ubuntu
Bugs, which is the
http://www.ubuntu.com/usn/usn-501-2
** Changed in: ghostscript (Ubuntu Gutsy)
Status: Fix Committed => Fix Released
** Changed in: gs-gpl (Ubuntu Edgy)
Status: Fix Committed => Fix Released
** Changed in: gs-gpl (Ubuntu Feisty)
Status: Fix Committed => Fix Released
--
inte
Thanks for the prompt response!
There are two main issues: One is a patch for handling broken streams
produced by certain popular authoring software. Upstream rejected the
patch because it increases memory footprint (a "you can free this" tag
is incorrect in these files). A combination of not-my-p
Dapper is not affected: jasper was not included in the code.
** Changed in: ghostscript (Ubuntu)
Status: Confirmed => Fix Committed
** Changed in: ghostscript (Ubuntu Hardy)
Assignee: Kees Cook (keescook) => (unassigned)
Status: Fix Committed => Confirmed
** Also affects: gs-g
I have simply taken the Ghostscript as it comes from upstream.
Ralph, can you tell what is changed in the libjasper which comes with
Ghostscript and whether one could perhaps come to an agreement with
libjasper upstream to make it possible for Ghostscript to use the
system's libjasper?
--
intern
Thanks for the heads-up! We will prepare updates. Is there a reason
that ghostscript doesn't link against the system libjasper instead?
** Changed in: ghostscript (Ubuntu)
Importance: Undecided => Medium
Assignee: (unassigned) => Kees Cook (keescook)
Status: New => Confirmed
** V
