Files
poky/meta/recipes-extended/ghostscript
Archana Polampalli ba1a77347c ghostscript: fix CVE-2023-36664
Artifex Ghostscript through 10.01.2 mishandles permission validation for
pipe devices (with the %pipe% prefix or the | pipe character prefix).

Reference:
https://nvd.nist.gov/vuln/detail/CVE-2023-36664

Upstream patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e65eeae225c7d02d447de5abaf4a8e6d234fcea
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb342fdb60391073a69147cb71af1ac416a81099

(From OE-Core rev: cd3921215cb782ecc9aeda5bb3b76863911bcb61)

Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
2023-07-26 05:20:36 -10:00
..
2020-05-03 15:41:40 +01:00