[Git][security-tracker-team/security-tracker][master] ghostscript: add upstream version, distinguish CVEs in common patch

Sylvain Beucler beuc at debian.org
Mon Aug 17 15:51:51 BST 2020 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
f6eb9ee9 by Sylvain Beucler at 2020-08-17T16:50:59+02:00
ghostscript: add upstream version, distinguish CVEs in common patch

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -13673,7 +13673,8 @@ CVE-2020-17539
 CVE-2020-17538 (A buffer overflow vulnerability in GetNumSameData() in contrib/lips4/g ...)
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701792
-	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134
+	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134 (9.51)
+	NOTE: chunk #1, see also CVE-2020-16296
 CVE-2020-17537
 	RESERVED
 CVE-2020-17536
@@ -16164,99 +16165,100 @@ CVE-2020-16311
 CVE-2020-16310 (A division by zero vulnerability in dot24_print_page() in devices/gdev ...)
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701828
-	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=eaba1d97b62831b42c51840cc8ee2bc4576c942e
+	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=eaba1d97b62831b42c51840cc8ee2bc4576c942e (9.51)
 CVE-2020-16309 (A buffer overflow vulnerability in lxm5700m_print_page() in devices/gd ...)
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701827
-	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6f7464dddc689386668a38b92dfd03cc1b38a10
+	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=a6f7464dddc689386668a38b92dfd03cc1b38a10 (9.51)
 CVE-2020-16308 (A buffer overflow vulnerability in p_print_image() in devices/gdevcdj. ...)
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701829
-	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=af004276fd8f6c305727183c159b83021020f7d6
+	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=af004276fd8f6c305727183c159b83021020f7d6 (9.51)
 CVE-2020-16307 (A null pointer dereference vulnerability in devices/vector/gdevtxtw.c  ...)
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701822
-	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=407c98a38c3a6ac1681144ed45cc2f4fc374c91f
+	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=407c98a38c3a6ac1681144ed45cc2f4fc374c91f (9.51)
 CVE-2020-16306 (A null pointer dereference vulnerability in devices/gdevtsep.c of Arti ...)
 	- ghostscript 9.51~dfsg-1
-	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=aadb53eb834b3def3ef68d78865ff87a68901804
+	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=aadb53eb834b3def3ef68d78865ff87a68901804 (9.51)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701821
 CVE-2020-16305 (A buffer overflow vulnerability in pcx_write_rle() in contrib/japanese ...)
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701819
-	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2793769ff107d8d22dadd30c6e68cd781b569550
+	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=2793769ff107d8d22dadd30c6e68cd781b569550 (9.51)
 CVE-2020-16304 (A buffer overflow vulnerability in image_render_color_thresh() in base ...)
 	- ghostscript 9.51~dfsg-1
-	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=027c546e0dd11e0526f1780a7f3c2c66acffe209
+	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=027c546e0dd11e0526f1780a7f3c2c66acffe209 (9.51)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701816
 CVE-2020-16303 (A use-after-free vulnerability in xps_finish_image_path() in devices/v ...)
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701818
-	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=94d8955cb7725eb5f3557ddc02310c76124fdd1a
+	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=94d8955cb7725eb5f3557ddc02310c76124fdd1a (9.51)
 CVE-2020-16302 (A buffer overflow vulnerability in jetp3852_print_page() in devices/gd ...)
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701815
-	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=366ad48d076c1aa4c8f83c65011258a04e348207
+	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=366ad48d076c1aa4c8f83c65011258a04e348207 (9.51)
 CVE-2020-16301 (A buffer overflow vulnerability in okiibm_print_page1() in devices/gde ...)
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701808
-	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f54414c8b15b2c27d1dcadd92cfe84f6d15f18dc
+	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=f54414c8b15b2c27d1dcadd92cfe84f6d15f18dc (9.51)
 CVE-2020-16300 (A buffer overflow vulnerability in tiff12_print_page() in devices/gdev ...)
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701807
-	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=714e8995cd582d418276915cbbec3c70711fb19e
+	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=714e8995cd582d418276915cbbec3c70711fb19e (9.51)
 CVE-2020-16299 (A Division by Zero vulnerability in bj10v_print_page() in contrib/japa ...)
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701801
-	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4fcbece468706e0e89ed2856729b2ccacbc112be
+	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4fcbece468706e0e89ed2856729b2ccacbc112be (9.51)
 CVE-2020-16298 (A buffer overflow vulnerability in mj_color_correct() in contrib/japan ...)
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701799
-	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=849e74e5ab450dd581942192da7101e0664fa5af
+	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=849e74e5ab450dd581942192da7101e0664fa5af (9.51)
 CVE-2020-16297 (A buffer overflow vulnerability in FloydSteinbergDitheringC() in contr ...)
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701800
-	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=bf72f1a3dd5392ee8291e3b1518a0c2c5dc6ba39
+	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=bf72f1a3dd5392ee8291e3b1518a0c2c5dc6ba39 (9.51)
 CVE-2020-16296 (A buffer overflow vulnerability in GetNumWrongData() in contrib/lips4/ ...)
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701792
-	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134
+	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=9f39ed4a92578a020ae10459643e1fe72573d134 (9.51)
+	NOTE: chunk #2, see also CVE-2020-17538
 CVE-2020-16295 (A null pointer dereference vulnerability in clj_media_size() in device ...)
 	- ghostscript 9.51~dfsg-1
-	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=2c2dc335c212750e0fb8ae157063bc06cafa8d3e
+	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=2c2dc335c212750e0fb8ae157063bc06cafa8d3e (9.51)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701796
 CVE-2020-16294 (A buffer overflow vulnerability in epsc_print_page() in devices/gdevep ...)
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701794
-	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=89f58f1aa95b3482cadf6977da49457194ee5358
+	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=89f58f1aa95b3482cadf6977da49457194ee5358 (9.51)
 CVE-2020-16293 (A null pointer dereference vulnerability in compose_group_nonknockout_ ...)
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701795
-	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7870f4951bcc6a153f317e3439e14d0e929fd231
+	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=7870f4951bcc6a153f317e3439e14d0e929fd231 (9.51)
 CVE-2020-16292 (A buffer overflow vulnerability in mj_raster_cmd() in contrib/japanese ...)
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701793
-	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=863ada11f9a942a622a581312e2be022d9e2a6f7
+	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=863ada11f9a942a622a581312e2be022d9e2a6f7 (9.51)
 CVE-2020-16291 (A buffer overflow vulnerability in contrib/gdevdj9.c of Artifex Softwa ...)
 	- ghostscript 9.51~dfsg-1
-	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=4f73e8b4d578e69a17f452fa60d2130c5faaefd6
+	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=4f73e8b4d578e69a17f452fa60d2130c5faaefd6 (9.51)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701787
 CVE-2020-16290 (A buffer overflow vulnerability in jetp3852_print_page() in devices/gd ...)
 	- ghostscript 9.51~dfsg-1
-	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=93cb0c0adbd9bcfefd021d59c472388f67d3300d
+	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=93cb0c0adbd9bcfefd021d59c472388f67d3300d (9.51)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701786
 CVE-2020-16289 (A buffer overflow vulnerability in cif_print_page() in devices/gdevcif ...)
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701788
-	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d31e25ed5b130499e0d880e4609b1b4824699768
+	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=d31e25ed5b130499e0d880e4609b1b4824699768 (9.51)
 CVE-2020-16288 (A buffer overflow vulnerability in pj_common_print_page() in devices/g ...)
 	- ghostscript 9.51~dfsg-1
-	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=aba3375ac24f8e02659d9b1eb9093909618cdb9f
+	NOTE: http://git.ghostscript.com/?p=ghostpdl.git;h=aba3375ac24f8e02659d9b1eb9093909618cdb9f (9.51)
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701791
 CVE-2020-16287 (A buffer overflow vulnerability in lprn_is_black() in contrib/lips4/gd ...)
 	- ghostscript 9.51~dfsg-1
 	NOTE: https://bugs.ghostscript.com/show_bug.cgi?id=701785
-	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=450da26a76286a8342ec0864b3d113856709f8f6
+	NOTE: https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=450da26a76286a8342ec0864b3d113856709f8f6 (9.51)
 CVE-2020-16286
 	RESERVED
 CVE-2020-16285



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6eb9ee96c0499454405361838ed26f8833d3490

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/f6eb9ee96c0499454405361838ed26f8833d3490
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200817/9dbe9555/attachment-0001.html>

More information about the debian-security-tracker-commits mailing list