From 7b2fab418d2373827a63807b1e0d16b5d17e387b Mon Sep 17 00:00:00 2001 From: zayin Date: Sat, 9 Dec 2023 20:10:55 +0800 Subject: [PATCH 1/4] =?UTF-8?q?CVE-2020-21890=20=E5=AE=89=E5=85=A8?= =?UTF-8?q?=E6=9B=B4=E6=96=B0=EF=BC=9A=E4=BF=AE=E5=A4=8Dgdevclj.c=E7=9A=84?= =?UTF-8?q?clj=5Fmedia=5Fsize=E5=87=BD=E6=95=B0=E4=B8=AD=E5=AD=98=E5=9C=A8?= =?UTF-8?q?=E7=9A=84=E7=BC=93=E5=86=B2=E5=8C=BA=E6=BA=A2=E5=87=BA=E6=BC=8F?= =?UTF-8?q?=E6=B4=9E?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- debian/changelog | 4 ++-- devices/gdevclj.c | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/debian/changelog b/debian/changelog index 8525a9e..8790d3a 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,8 +1,8 @@ ghostscript (9.50~dfsg-ok6) yangtze; urgency=medium - * Update package info. + * zayin CVE-2020-21890 安全更新:修复缓冲区溢出的漏洞。Ghostscript 9.50 版本存在安全漏洞,该漏洞源于 devices/gdevclj.c 的 clj_media_size 函数中存在缓冲区溢出漏洞。 - -- zhouganqing Mon, 04 Sep 2023 17:05:57 +0800 + -- zhangruijia Sat, 09 Dec 2023 20:04:47 +0800 ghostscript (9.50~dfsg-ok5) yangtze; urgency=medium diff --git a/devices/gdevclj.c b/devices/gdevclj.c index a293ec4..f23baeb 100644 --- a/devices/gdevclj.c +++ b/devices/gdevclj.c @@ -266,8 +266,8 @@ clj_media_size(float mediasize[2], gs_param_list *plist) } if (param_read_int_array(plist, "HWSize", &hwsize) == 0) { - mediasize[0] = ((float)hwsize.data[0]) * 72 / fres.data[0]; - mediasize[1] = ((float)hwsize.data[1]) * 72 / fres.data[1]; + mediasize[0] = ((float)hwsize.data[0]) * 72 / res[0]; + mediasize[1] = ((float)hwsize.data[1]) * 72 / res[1]; have_pagesize = 1; } -- Gitee From ba60a8e46dfc5b25f8b85169b18cda9cb4682910 Mon Sep 17 00:00:00 2001 From: zayin <12527589+zzayin@user.noreply.gitee.com> Date: Sat, 9 Dec 2023 12:18:56 +0000 Subject: [PATCH 2/4] update debian/changelog. Signed-off-by: zayin <12527589+zzayin@user.noreply.gitee.com> --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 8790d3a..6d0eb36 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -ghostscript (9.50~dfsg-ok6) yangtze; urgency=medium +ghostscript (9.50~dfsg-ok7) yangtze; urgency=medium * zayin CVE-2020-21890 安全更新:修复缓冲区溢出的漏洞。Ghostscript 9.50 版本存在安全漏洞,该漏洞源于 devices/gdevclj.c 的 clj_media_size 函数中存在缓冲区溢出漏洞。 -- Gitee From 794b07444e18aca9f277ea46928957e47a575d2a Mon Sep 17 00:00:00 2001 From: zayin <12527589+zzayin@user.noreply.gitee.com> Date: Sat, 9 Dec 2023 12:25:37 +0000 Subject: [PATCH 3/4] update debian/changelog. Signed-off-by: zayin <12527589+zzayin@user.noreply.gitee.com> --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 6d0eb36..e663d54 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,12 @@ ghostscript (9.50~dfsg-ok7) yangtze; urgency=medium -- zhangruijia Sat, 09 Dec 2023 20:04:47 +0800 + ghostscript (9.50~dfsg-ok6) yangtze; urgency=medium + + * Update package info. + + -- zhouganqing Mon, 04 Sep 2023 17:05:57 +0800 + ghostscript (9.50~dfsg-ok5) yangtze; urgency=medium * CVE问题修复: -- Gitee From e1b77c023ea0d8962e7fa1c596781e88e09107fe Mon Sep 17 00:00:00 2001 From: zayin <12527589+zzayin@user.noreply.gitee.com> Date: Sat, 9 Dec 2023 13:02:42 +0000 Subject: [PATCH 4/4] update debian/changelog. Signed-off-by: zayin <12527589+zzayin@user.noreply.gitee.com> --- debian/changelog | 8 +------- 1 file changed, 1 insertion(+), 7 deletions(-) diff --git a/debian/changelog b/debian/changelog index e663d54..8525a9e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,10 +1,4 @@ -ghostscript (9.50~dfsg-ok7) yangtze; urgency=medium - - * zayin CVE-2020-21890 安全更新:修复缓冲区溢出的漏洞。Ghostscript 9.50 版本存在安全漏洞,该漏洞源于 devices/gdevclj.c 的 clj_media_size 函数中存在缓冲区溢出漏洞。 - - -- zhangruijia Sat, 09 Dec 2023 20:04:47 +0800 - - ghostscript (9.50~dfsg-ok6) yangtze; urgency=medium +ghostscript (9.50~dfsg-ok6) yangtze; urgency=medium * Update package info. -- Gitee