mirror of
https://git.yoctoproject.org/poky
synced 2026-04-18 21:32:12 +02:00
73c2187fbc
Fix for this CVE is [3] (per [1] and [2]). It fixes cidfsubstfont handling which is not present in 9.55.0 yet. It was introduced (as cidsubstpath) in 9.56.0 via [4] and later modified to cidfsubstfont in [5]. Since this recipe has version 9.55.0, mark it as not affected yet. [1] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7745dbe24514710b0cfba925e608e607dee9eb0f [2] https://nvd.nist.gov/vuln/detail/CVE-2024-29507 [3] https://security-tracker.debian.org/tracker/CVE-2024-29507 [4] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=82efed6cae8b0f2a3d10593b21083be1e7b1ab23 [5] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=4422012f6b40f0627d3527dba92f3a1ba30017d3 (From OE-Core rev: 5c9f3c244971aadee65a98d83668e3d5d63825a0) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>