From 5c9f3c244971aadee65a98d83668e3d5d63825a0 Mon Sep 17 00:00:00 2001 From: Peter Marko Date: Sat, 3 May 2025 20:56:35 +0200 Subject: [PATCH] ghostscript: ignore CVE-2024-29507 Fix for this CVE is [3] (per [1] and [2]). It fixes cidfsubstfont handling which is not present in 9.55.0 yet. It was introduced (as cidsubstpath) in 9.56.0 via [4] and later modified to cidfsubstfont in [5]. Since this recipe has version 9.55.0, mark it as not affected yet. [1] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7745dbe24514710b0cfba925e608e607dee9eb0f [2] https://nvd.nist.gov/vuln/detail/CVE-2024-29507 [3] https://security-tracker.debian.org/tracker/CVE-2024-29507 [4] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=82efed6cae8b0f2a3d10593b21083be1e7b1ab23 [5] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=4422012f6b40f0627d3527dba92f3a1ba30017d3 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb index fd0506f438..e872fbe88c 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb @@ -25,7 +25,7 @@ CVE_CHECK_IGNORE += "CVE-2013-6629" # Issue in the GhostPCL. GhostPCL not part of this GhostScript recipe. CVE_CHECK_IGNORE += "CVE-2023-38560 CVE-2024-46954" # Vulnerable code was introduced in 9.56.0, so 9.55.0 is not affected yet -CVE_CHECK_IGNORE += "CVE-2025-27833" +CVE_CHECK_IGNORE += "CVE-2024-29507 CVE-2025-27833" # Only impacts codepaths relevant for Windows builds CVE_CHECK_IGNORE += "CVE-2025-27837" -- 2.47.2