mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-02-23 18:09:40 +01:00
Code Issues Packages Projects Releases Wiki Activity
43,439 Commits 38 Branches 617 Tags
a9f439367d334667c195589e0b5025f8a0973ae2
Commit Graph

3 Commits

Author SHA1 Message Date
Catalin Enache
1fb5079557 ghostscript : CVE-2016-10219, CVE-2016-10220, CVE-2017-5951 
The intersect function in base/gxfill.c in Artifex Software, Inc. Ghostscript
9.20 allows remote attackers to cause a denial of service (divide-by-zero
error and application crash) via a crafted file.

The gs_makewordimagedevice function in base/gsdevmem.c in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted file that is
mishandled in the PDF Transparency module.

The mem_get_bits_rectangle function in base/gdevmem.c in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL
pointer dereference and application crash) via a crafted file.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10219
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-10220
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5951

Upstream patches:
http://git.ghostscript.com/?p=ghostpdl.git;h=4bef1a1d32e29b68855616020dbff574b9cda08f
http://git.ghostscript.com/?p=ghostpdl.git;h=daf85701dab05f17e924a48a81edc9195b4a04e8
http://git.ghostscript.com/?p=ghostpdl.git;h=bfa6b2ecbe48edc69a7d9d22a12419aed25960b8

(From OE-Core rev: 6679a4d4379f6f18554ed0042546cce94d5d0b19)

(From OE-Core rev: 55fa8b210139509859258c0ee11b3534f10fa509)

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-05-18 13:07:34 +01:00
Catalin Enache
0c5ab30a30 ghostscript: CVE-2017-7207 
The mem_get_bits_rectangle function in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial
of service (NULL pointer dereference) via a crafted PostScript
document.

Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7207

Upstream patch:
http://git.ghostscript.com/?p=ghostpdl.git;h=309eca4e0a31ea70dcc844812691439312dad091

(From OE-Core rev: 0f22a27c2abd2f2dd9119681f139dd85dcb6479d)

(From OE-Core rev: 3497bb564fa3bb1d6b938630cd660ee77bec5ab7)

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2017-05-18 13:07:34 +01:00
Hongxu Jia
16fbcbb57a ghostscript: upgrade to 9.19 
- Ghostscript and GhostPDL releases from version 9.19 have been moved to GitHub
  hosting, tweak download site

- Drop 0001-Bug-696497-Fix-support-for-building-with-no-jbig2-de.patch, and
  0002-Bug-696497-part-2-fix-support-for-building-with-a-JP.patch, ghostscript
  9.19 has fixed them.

- Fix QA Warning unrecognised options: --enable-little-endian. It use AC_C_BIGENDIAN
  to detect big/little endian.
  http://www.delorie.com/gnu/docs/autoconf/autoconf_64.html

(From OE-Core rev: 227ca0a373b5a93602a419296ff1da1a96615ba2)

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2016-06-15 08:35:02 +01:00