Debian Patches
Status for mujs/1.1.0-1+deb11u3
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| Install-versioned-shared-library.patch | Install versioned shared library | Bastian Germann <bastiangermann@fishpost.de> | no | 2020-07-30 | ||
| Set-the-right-.pc-version.patch | Set the right .pc version | Bastian Germann <bastiangermann@fishpost.de> | not-needed | 2020-06-17 | ||
| Clear-jump-list-after-patching-jump-addresses.patch | Bug 704749: Clear jump list after patching jump addresses. Since we can emit a statement multiple times when compiling try/finally we have to use a new patch list for each instance. |
Tor Andersson <tor.andersson@artifex.com> | no | upstream, http://git.ghostscript.com/?p=mujs.git;a=patch;h=df8559e7bdbc6065276e786217eeee70f28fce66 | 2021-12-06 | |
| Check-stack-overflow-during-regexp-compilation.patch | Issue #162: Check stack overflow during regexp compilation. Only bother checking during the first compilation pass that counts the size of the program. |
Tor Andersson <tor.andersson@artifex.com> | no | upstream, http://git.ghostscript.com/?p=mujs.git;a=commit;h=160ae29578054dc09fd91e5401ef040d52797e61 | 2022-05-17 | |
| Cope-with-empty-programs-in-mujs-pp.patch | Issue #161: Cope with empty programs in mujs-pp. | Tor Andersson <tor.andersson@artifex.com> | no | upstream, http://git.ghostscript.com/?p=mujs.git;a=commit;h=f5b3c703e18725e380b83427004632e744f85a6f | 2022-05-17 | |
| Dont-fclose-a-FILE-that-is-NULL.patch | Issue #161: Don't fclose a FILE that is NULL. | Tor Andersson <tor.andersson@artifex.com> | no | upstream, http://git.ghostscript.com/?p=mujs.git;a=commit;h=910acc807c3c057e1c0726160808f3a9f37b40ec | 2022-05-17 | |
| Fix-use-after-free-in-getOwnPropertyDescriptor.patch | Bug 706057: Fix use-after-free in getOwnPropertyDescriptor. getOwnPropertyDescriptor should create the descriptor object by using [[DefineOwnProperty]], and not by looking through the prototype chain where it may invoke getters and setters on the Object.prototype. If there exists an Object.prototype.get property with a setter, that method is invoked when it shouldn't. A malicious getter here can delete the property currently being processed in getOwnPropertyDescriptor, and we'll end up with a use-after-free bug. Avoid this problem by following the spec and use js_defproperty rather than js_setproperty to define own properties in getOwnPropertyDescriptor and related functions. |
Tor Andersson <tor.andersson@artifex.com> | no | upstream, http://git.ghostscript.com/?p=mujs.git;a=commit;h=edb50ad66f7601ca9a3544a0e9045e8a8c60561f | 2022-11-07 | |
| CVE-2021-33797.patch | Issue #148: Check for overflow when reading floating point exponent. GCC with -O2 optimizes away the if(exp<-maxExponent) branch completely, so we don't end up with the expected '512' value for overflowing exponents. Limit the exponent parsing to MAX_INT instead to prevent signed overflow from tripping up over-eager optimizing compilers. |
Tor Andersson <tor.andersson@artifex.com> | no | upstream, https://git.ghostscript.com/?p=mujs.git;a=patch;h=833b6f1672b4f2991a63c4d05318f0b84ef4d550 | 2021-04-21 |
All known versions for source package 'mujs'
- 1.3.6-1 (trixie, sid)
- 1.3.2-1 (bookworm)
- 1.1.0-1+deb11u3 (bullseye)
- 1.1.0-1+deb11u2 (bullseye-security)