mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-05 07:39:49 +02:00
Code Issues Packages Projects Releases Wiki Activity
67,886 Commits 38 Branches 624 Tags
d8d6d921fad14b82167d9f031d4fca06b5e01883
Commit Graph

8 Commits

Author SHA1 Message Date
Archana Polampalli
df7a37d54f ghostscript: fix CVE-2023-43115 
In Artifex Ghostscript through 10.01.2, gdevijs.c in GhostPDL can lead to remote
code execution via crafted PostScript documents because they can switch to the
IJS device, or change the IjsServer parameter, after SAFER has been activated.
NOTE: it is a documented risk that the IJS server can be specified on a gs
command line (the IJS device inherently must execute a command to start the IJS server).

References:
https://nvd.nist.gov/vuln/detail/CVE-2023-43115

Upstream patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commit;h=8b0f20002536867bd73ff4552408a72597190cbe

(From OE-Core rev: 1d169e50f28c93434461aa3ecbc47c21509143e9)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-09-30 09:43:59 -10:00
Archana Polampalli
8e90df16f5 ghostscript: fix CVE-2023-38559 
A buffer overflow flaw was found in base/gdevdevn.c:1973 in devn_pcx_write_rle()
in ghostscript. This issue may allow a local attacker to cause a denial of service
via outputting a crafted PDF file for a DEVN device with gs.

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-38559

Upstream patch:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=d81b82c70bc1fb9991bb95f1201abb5dea55f57f

(From OE-Core rev: e77c0b35969ae690b390ffae682fd6552ff8aff8)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-08-19 05:56:58 -10:00
Archana Polampalli
ba1a77347c ghostscript: fix CVE-2023-36664 
Artifex Ghostscript through 10.01.2 mishandles permission validation for
pipe devices (with the %pipe% prefix or the | pipe character prefix).

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-36664

Upstream patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e65eeae225c7d02d447de5abaf4a8e6d234fcea
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb342fdb60391073a69147cb71af1ac416a81099

(From OE-Core rev: cd3921215cb782ecc9aeda5bb3b76863911bcb61)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-07-26 05:20:36 -10:00
Joe Slater
20e0e5ebfb ghostscript: fix CVE-2023-29979 
Backport from 10.02.0 (unreleased).

(From OE-Core rev: 6d5baff50aa83c663856cccc375c522add97625e)

Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
 2023-05-03 04:17:12 -10:00
Lee Chee Yang
0a954bf5d7 ghostscript: fix CVE-2022-2085 
(From OE-Core rev: 645a619524d04aa6a2029a2810e2d84dc751fc48)

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-07-08 08:27:15 +01:00
Richard Purdie
71ef319193 meta/scripts: Automated conversion of OE renamed variables 
(From OE-Core rev: aa52af4518604b5bf13f3c5e885113bf868d6c81)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-21 23:37:27 +00:00
Richard Purdie
b0130fcf91 meta/meta-selftest/meta-skeleton: Update LICENSE variable to use SPDX license identifiers 
An automated conversion using scripts/contrib/convert-spdx-licenses.py to
convert to use the standard SPDX license identifiers. Two recipes in meta-selftest
were not converted as they're that way specifically for testing. A change in
linux-firmware was also skipped and may need a more manual tweak.

(From OE-Core rev: ceda3238cdbf1beb216ae9ddb242470d5dfc25e0)

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2022-02-20 16:45:25 +00:00
Alexander Kanavin
6f138098b1 ghostscript: update 9.54.0 -> 9.55.0 
jbig2dec seems no longer optional; the source for it
is bundle with ghostscript.

License-Update: removed patent references
(From OE-Core rev: 44a3bea7e8fedbc76b6e8f97e1f669def81e158a)

Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2021-10-23 17:42:25 +01:00