diff options
Diffstat (limited to 'doc/History9.htm')
| -rw-r--r-- | doc/History9.htm | 30 |
1 files changed, 27 insertions, 3 deletions
diff --git a/doc/History9.htm b/doc/History9.htm index ac20b01e5..3a6e54b1d 100644 --- a/doc/History9.htm +++ b/doc/History9.htm @@ -79,7 +79,7 @@ TOC to see how to edit it for visual conciseness. <h2>Table of contents</h2> <blockquote><ul> -<li><a href="#Version9.51">Version 9.52 (2020-03-19)</a> +<li><a href="#Version9.52.1">Version 9.52.1 (2020-07-29)</a> <li><a href="#Version9.50">Version 9.50 (2019-10-15)</a> <li><a href="#Version9.27">Version 9.27 (2019-04-03)</a> <li><a href="#Version9.26">Version 9.26 (2018-11-20)</a> @@ -134,10 +134,13 @@ overview</a>. <!-- [1.0 end visible header] ============================================== --> <!-- [2.0 begin contents] ================================================== --> -<h2><a name="Version9.52"></a>Version 9.52 (2020-03-19)</h2> +<h2><a name="Version9.52"></a>Version 9.52.1 (2020-07-29)</h2> <p> Highlights in this release include: <ul> <li> +<p>9.52.1 is a patch release to address CVE 2020-15900 "Memory Corruption in Ghostscript 9.52" +</li> +<li> <p>The 9.52 release replaces the 9.51 release, after a problem was reported with 9.51 which warranted the quick turnaround. Thus, like 9.51, 9.52 is primarily a maintenance release, consolidating the changes we introduced in 9.50. @@ -221,6 +224,27 @@ at <a href="https://www.mupdf.com">MuPDF</a>. </ul> <h3><a name="9.52_changelog"></a>Changelog</h3> +<p><strong>2020-07-22 09:57:54 -0700 +</strong> +<br>Ray Johnston <ray.johnston@artifex.com><br> +<a href="http://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=7eab8141718744cf533667dcf024b4f2bd47b458">7eab8141718744cf533667dcf024b4f2bd47b458</a> +<blockquote> +<p> + Bug 702582, CVE 2020-15900 Memory Corruption in Ghostscript 9.52<br> +<br> + Fix the 'rsearch' calculation for the 'post' size to give the correct<br> + size. Previous calculation would result in a size that was too large,<br> + and could underflow to max uint32_t. Also fix 'rsearch' to return the<br> + correct 'pre' string with empty string match.<br> +<br> + A future change may 'undefine' this undocumented, non-standard operator<br> + during initialization as we do with the many other non-standard internal<br> + PostScript operators and procedures.<br> +<br> +psi/zstring.c<br> +<p> +</blockquote> +<hr> <p><strong>2020-03-14 15:07:37 +0000 </strong> <br>Chris Liddell <chris.liddell@artifex.com><br> @@ -228393,7 +228417,7 @@ or contact Artifex Software, Inc., 1305 Grant Avenue - Suite 200, Novato, CA 94945, U.S.A., +1(415)492-9861, for further information. <p> -<small>Ghostscript version 9.52, 19 March 2020 +<small>Ghostscript version 9.52.1, 29 July 2020 <!-- [3.0 end visible trailer] ============================================= --> |