mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-26 19:39:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
67,661 Commits 38 Branches 619 Tags
3d4850b3eac151a17bb174f18f8dda4707dc104f
Commit Graph

7 Commits

Author SHA1 Message Date
Archana Polampalli
8e90df16f5 ghostscript: fix CVE-2023-38559 
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle()
in ghostscript. This issue may allow a local attacker to cause a denial of service
via outputting a crafted PDF file for a DEVN device with gs.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-38559

Upstream patch:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f

(From OE-Core rev: e77c0b35969ae690b390ffae682fd6552ff8aff8)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-08-19 05:56:58 -10:00
Archana Polampalli
ba1a77347c ghostscript: fix CVE-2023-36664 
Artifex Ghostscript through 10.01.2 mishandles permission validation for
pipe devices (with the %pipe% prefix or the | pipe character prefix).

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-36664

Upstream patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e65eeae225c7d02d447de5abaf4a8e6d234fcea
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb342fdb60391073a69147cb71af1ac416a81099

(From OE-Core rev: cd3921215cb782ecc9aeda5bb3b76863911bcb61)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-07-26 05:20:36 -10:00
Joe Slater
20e0e5ebfb ghostscript: fix CVE-2023-29979 
Backport from 10.02.0 (unreleased).

(From OE-Core rev: 6d5baff50aa83c663856cccc375c522add97625e)

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-05-03 04:17:12 -10:00
Lee Chee Yang
0a954bf5d7 ghostscript: fix CVE-2022-2085 
(From OE-Core rev: 645a619524d04aa6a2029a2810e2d84dc751fc48)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-07-08 08:27:15 +01:00
Richard Purdie
71ef319193 meta/scripts: Automated conversion of OE renamed variables 
(From OE-Core rev: aa52af4518604b5bf13f3c5e885113bf868d6c81)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-21 23:37:27 +00:00
Richard Purdie
b0130fcf91 meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers 
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.

(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-20 16:45:25 +00:00
Alexander Kanavin
6f138098b1 ghostscript: update 9.54.0 -> 9.55.0 
jbig2dec seems no longer optional; the source for it
is bundle with ghostscript.

License-Update: removed patent references
(From OE-Core rev: 44a3bea7e8fedbc76b6e8f97e1f669def81e158a)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-10-23 17:42:25 +01:00