diff options
| author |   Archana Polampalli <archana.polampalli@windriver.com> | 2023-07-18 11:34:43 +0000 |
|---|---|---|
| committer |   Steve Sakoman <steve@sakoman.com> | 2023-07-18 05:56:44 -1000 |
| commit | cd3921215cb782ecc9aeda5bb3b76863911bcb61 (patch) | |
| tree | 17e6cf25f712d0b9b89a22e9293a266e977538a8 /meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb | |
| parent | aae5bf06ad3c67386544f9da55aa21fbf32c3418 (diff) | |
| download | openembedded-core-contrib-cd3921215cb782ecc9aeda5bb3b76863911bcb61.tar.gz | |
ghostscript: fix CVE-2023-36664
Artifex Ghostscript through 10.01.2 mishandles permission validation for
pipe devices (with the %pipe% prefix or the | pipe character prefix).
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-36664
Upstream patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e65eeae225c7d02d447de5abaf4a8e6d234fcea
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb342fdb60391073a69147cb71af1ac416a81099
Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb')
| -rw-r--r-- | meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb index f29c57beea..48508fd6a2 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb @@ -35,6 +35,8 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://mkdir-p.patch \ file://CVE-2022-2085.patch \ file://cve-2023-28879.patch \ + file://CVE-2023-36664-0001.patch \ + file://CVE-2023-36664-0002.patch \ " SRC_URI = "${SRC_URI_BASE} \ |