mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-23 18:09:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
45,566 Commits 38 Branches 617 Tags
9ef73fbeba5dd95e1cf4c5afebe98a2d76a8df2e
Commit Graph

4 Commits

Author SHA1 Message Date
Catalin Enache
5970acb3fe ghostscript : CVE-2016-10219, CVE-2016-10220, CVE-2017-5951 
The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript
9.20 allows remote attackers to cause a denial of service (divide-by-zero
error and application crash) via a crafted file.

The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted file that is
mishandled in the PDF Transparency module.

The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10219
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10220
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5951

Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;h=4bef1a1d32e29b68855616020dbff574b9cda08f
http://git.ghostscript.com/?p=ghostpdl.git;h=daf85701dab05f17e924a48a81edc9195b4a04e8
http://git.ghostscript.com/?p=ghostpdl.git;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8

(From OE-Core rev: 6679a4d4379f6f18554ed0042546cce94d5d0b19)

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-04-29 11:17:23 +01:00
Catalin Enache
6df3fde8e9 ghostscript: CVE-2017-7207 
The mem_get_bits_rectangle function in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial
of service (NULL pointer dereference) via a crafted PostScript
document.

Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7207

Upstream patch:
http://git.ghostscript.com/?p=ghostpdl.git;h=309eca4e0a31ea70dcc844812691439312dad091

(From OE-Core rev: 0f22a27c2abd2f2dd9119681f139dd85dcb6479d)

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-04-10 23:00:42 +01:00
Alexander Kanavin
4dcf0fed51 ghostscript: fix upstream version check 
(From OE-Core rev: 10001924baf112a4556c5e85c16c482cbf435950)

(From OE-Core rev: 4e8e884054b56c578d51d7b4af7150b77806368d)

Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2016-12-17 09:57:04 +00:00
Huang Qiyu
bd06c3641a ghostscript 9.19 -> 9.20 
1)Upgrade ghostscript from 9.19 to 9.20.
2)Modify ghostscript-9.15-parallel-make.patch, since the data has been changed.

(From OE-Core rev: 4f3483c3a0ba22f46d768d78d6f56880e8ac5608)

(From OE-Core rev: 9133ba6b8138951f3ef798f0a1cc6f694fe71868)

Signed-off-by: Huang Qiyu <huangqy.fnst@cn.fujitsu.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2016-12-17 09:57:03 +00:00