]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
projects / thirdparty / openembedded / openembedded-core-contrib.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 918c8a1) | patch
ghostscript: fix CVE-2018-17961
authorHongxu Jia <hongxu.jia@windriver.com>
Mon, 5 Nov 2018 08:03:35 +0000 (16:03 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 7 Nov 2018 23:08:54 +0000 (23:08 +0000)
commite84345d6e6ce129e1bffccc29b5159cb50de5ed0
treed541cb5223e11c7a7a99831df197ad7c0a786504tree | snapshot
parent918c8a13b67b0eece6fcdf4dad43ad032acacca5commit | diff
ghostscript: fix CVE-2018-17961

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a
sandbox protection mechanism via vectors involving errorhandler
setup. NOTE: this issue exists because of an incomplete fix for
CVE-2018-17183.

(From OE-Core rev: 6c32ea184941d292cd8f0eb898e6cc90120ada40)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-extended/ghostscript/files/0001-Bug-699795-add-operand-checking-to-.setnativefontmap.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/files/0002-Bug-699816-Improve-hiding-of-security-critical-custo.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/files/0003-Bug-699832-add-control-over-hiding-error-handlers.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/files/0004-For-hidden-operators-pass-a-name-object-to-error-han.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/files/0005-Bug-699938-.loadfontloop-must-be-an-operator.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/ghostscript_9.25.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core-contrib