From 21d886c12021f662c3d696c4e1ba027b3ea4ec51 Mon Sep 17 00:00:00 2001 From: rfzhu99 Date: Sat, 15 Jul 2023 13:15:17 +0800 Subject: [PATCH 1/2] Repair CVE-2020-16290 --- debian/changelog | 6 ++++++ devices/gdev3852.c | 7 +++++++ 2 files changed, 13 insertions(+) diff --git a/debian/changelog b/debian/changelog index 1c6e6a0..3330eac 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +ghostscript (9.50~dfsg-ok4) yangtze; urgency=medium + + * repare CVE-2020-16290 安全更新:修复未正确验证数据边界可能导致缓冲区溢出的漏洞。 + + -- rfzhu99 Sat, 15 Jul 2023 13:14:01 +0800 + ghostscript (9.50~dfsg-ok4) yangtze; urgency=medium * another-lin CVE-2020-16288 安全更新:修复缓冲区错误的漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等. diff --git a/devices/gdev3852.c b/devices/gdev3852.c index 2222ebe..3ae9e5a 100644 --- a/devices/gdev3852.c +++ b/devices/gdev3852.c @@ -77,6 +77,13 @@ jetp3852_print_page(gx_device_printer *pdev, gp_file *prn_stream) int lnum; int line_size = gdev_mem_bytes_per_scan_line((gx_device *)pdev); int num_blank_lines = 0; + + if (line_size > DATA_SIZE) { + emprintf2(pdev->memory, "invalid resolution and/or width gives line_size = %d, max. is %d\n", + line_size, DATA_SIZE); + return_error(gs_error_rangecheck); + } + for ( lnum = 0; lnum < pdev->height; lnum++ ) { byte *end_data = data + line_size; gdev_prn_copy_scan_lines(pdev, lnum, -- Gitee From e7599833b4dacaa486ec117bde1634be54c8a5fd Mon Sep 17 00:00:00 2001 From: rfzhu99 Date: Sat, 15 Jul 2023 13:18:08 +0800 Subject: [PATCH 2/2] Repair CVE-2023-2911 --- debian/changelog | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index 3330eac..77c6af6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,4 +1,4 @@ -ghostscript (9.50~dfsg-ok4) yangtze; urgency=medium +ghostscript (9.50~dfsg-ok5) yangtze; urgency=medium * repare CVE-2020-16290 安全更新:修复未正确验证数据边界可能导致缓冲区溢出的漏洞。 -- Gitee