]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
projects / thirdparty / openembedded / openembedded-core-contrib.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: e84345d) | patch
ghostscript: fix CVE-2018-18073
authorHongxu Jia <hongxu.jia@windriver.com>
Mon, 5 Nov 2018 08:03:36 +0000 (16:03 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 7 Nov 2018 23:08:54 +0000 (23:08 +0000)
commit9e2e38d349d5ac41c140761f44b96a31171d5109
tree616061dafe409dc8229a9a107eecf42950200146tree
parente84345d6e6ce129e1bffccc29b5159cb50de5ed0commit | diff
ghostscript: fix CVE-2018-18073

Artifex Ghostscript allows attackers to bypass a sandbox protection
mechanism by leveraging exposure of system operators in the saved
execution stack in an error object.

(From OE-Core rev: 6098c19e1f179896af7013c4b5db3081549c97bc)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-extended/ghostscript/files/0006-Undefine-some-additional-internal-operators.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/files/0007-Bug-699927-don-t-include-operator-arrays-in-execstac.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/ghostscript_9.25.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core-contrib