]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 91e716b) | patch
ghostscript: fix CVE-2023-36664
authorVijay Anusuri <vanusuri@mvista.com>
Tue, 26 Sep 2023 04:31:05 +0000 (10:01 +0530)
committerSteve Sakoman <steve@sakoman.com>
Fri, 29 Sep 2023 15:38:26 +0000 (05:38 -1000)
commit13534218ec37706d9decca5b5bd0453e312d72b0
tree1386997dcf3ccf404d0d9a73bceb6ea58045d433tree
parent91e716b75861f2a4acee58a0c3f95e511058f1dccommit | diff
ghostscript: fix CVE-2023-36664

Artifex Ghostscript through 10.01.2 mishandles permission validation for
pipe devices (with the %pipe% prefix or the | pipe character prefix).

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-36664

Upstream commits:
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=4ceaf92815302863a8c86fcfcf2347e0118dd3a5
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e65eeae225c7d02d447de5abaf4a8e6d234fcea
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb342fdb60391073a69147cb71af1ac416a81099

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-1.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-2.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/ghostscript/CVE-2023-36664-pre1.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/ghostscript_9.52.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core