diff options
author | Hongxu Jia <hongxu.jia@windriver.com> | 2018-11-05 16:03:37 +0800 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-11-07 23:08:54 +0000 |
commit | 05c548c5f41cb7aa74984a0697b8ee8e0dceeb20 (patch) | |
tree | dad8550b61c16f21a25c12ba54b5ba427b144122 /meta/recipes-extended/ghostscript/ghostscript_9.25.bb | |
parent | 9e2e38d349d5ac41c140761f44b96a31171d5109 (diff) | |
download | openembedded-core-contrib-05c548c5f41cb7aa74984a0697b8ee8e0dceeb20.tar.gz |
ghostscript: fix CVE-2018-18284
Artifex Ghostscript 9.25 and earlier allows attackers to bypass a
sandbox protection mechanism via vectors involving the 1Policy
operator.
(From OE-Core rev: 98ab5c5770d20b39bf3c58083f31f31838f2e940)
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/ghostscript/ghostscript_9.25.bb')
-rw-r--r-- | meta/recipes-extended/ghostscript/ghostscript_9.25.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.25.bb b/meta/recipes-extended/ghostscript/ghostscript_9.25.bb index 28521f3c4b..fdca8a2ac9 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.25.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.25.bb @@ -32,6 +32,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://0005-Bug-699938-.loadfontloop-must-be-an-operator.patch \ file://0006-Undefine-some-additional-internal-operators.patch \ file://0007-Bug-699927-don-t-include-operator-arrays-in-execstac.patch \ + file://0008-Make-.forceput-unavailable-from-.policyprocs-helper-.patch \ " SRC_URI = "${SRC_URI_BASE} \ |