]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commitdiff
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 38478a8)
ghostscript: ignore CVE-2023-38560
authorRoss Burton <ross.burton@arm.com>
Mon, 7 Aug 2023 16:56:56 +0000 (17:56 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Wed, 9 Aug 2023 20:45:54 +0000 (21:45 +0100)
The ghostscript recipe isn't vulnerable to CVE-2023-38560, as this is an
issue in the GhostPCL release, whereas this recipe is the Ghostscript
release.

Signed-off-by: Ross Burton <ross.burton@arm.com>
meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb patch | blob | blame | history

diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb b/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
index 6b5f443db066d423b14f9178ca0d7a401f20b494..0ddf708f936daedc371ae08def85f1d31ff7e9cf 100644 (file)
--- a/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
@@ -67,3 +67,5 @@ COMPATIBLE_HOST = "^(?!arc).*"
 
 # some entries in NVD uses gpl_ghostscript
 CVE_PRODUCT = "ghostscript gpl_ghostscript"
+
+CVE_STATUS[CVE-2023-38560] = "not-applicable-config: PCL isn't part of the Ghostscript release"
Mirror of git://git.openembedded.org/openembedded-core-contrib