From: Peter Marko <peter.marko@siemens.com>
Date: Sat, 3 May 2025 18:56:34 +0000 (+0200)
Subject: ghostscript: ignore CVE-2025-27837
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fb5dc4a476bc4054493d6a7eb64a423e3665afb9;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

ghostscript: ignore CVE-2025-27837

This CVE only impacts codepaths relevant for Windows builds.
Se [1] from Debian which marks it as not applicable.

[1] https://security-tracker.debian.org/tracker/CVE-2025-27837

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---

diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index 3d4ac77cfa..fd0506f438 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -26,6 +26,8 @@ CVE_CHECK_IGNORE += "CVE-2013-6629"
 CVE_CHECK_IGNORE += "CVE-2023-38560 CVE-2024-46954"
 # Vulnerable code was introduced in 9.56.0, so 9.55.0 is not affected yet
 CVE_CHECK_IGNORE += "CVE-2025-27833"
+# Only impacts codepaths relevant for Windows builds
+CVE_CHECK_IGNORE += "CVE-2025-27837"
 
 def gs_verdir(v):
     return "".join(v.split("."))