git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
ghostscript: Backport fix CVE-2023-43115
author Vijay Anusuri <vanusuri@mvista.com>
Mon, 9 Oct 2023 04:18:05 +0000 (09:48 +0530)
committer Steve Sakoman <steve@sakoman.com>
Mon, 9 Oct 2023 14:06:35 +0000 (04:06 -1000)
commit a43f7277061ee6c30c42c9318e3e9dd076563f5d
tree 2df056b4378ec41f1c9f123edf6fedd321752be7
parent 7e2fe508b456207fd991ece7621ef8ba24b89e59
ghostscript: Backport fix CVE-2023-43115

In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote
code execution via crafted PostScript documents because they can switch to the
IJS device, or change the IjsServer parameter, after SAFER has been activated.
NOTE: it is a documented risk that the IJS server can be specified on a gs
command line (the IJS device inherently must execute a command to start the IJS server).

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-43115

Upstream commit:
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=e59216049cac290fb437a04c4f41ea46826cfba5

Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-extended/ghostscript/ghostscript/CVE-2023-43115.patch [new file with mode: 0644]
meta/recipes-extended/ghostscript/ghostscript_9.52.bb