]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: ee44dab) | patch
ghostscript: CVE-2017-7207
authorCatalin Enache <catalin.enache@windriver.com>
Wed, 5 Apr 2017 12:06:51 +0000 (15:06 +0300)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sat, 8 Apr 2017 21:48:04 +0000 (22:48 +0100)
commit0f22a27c2abd2f2dd9119681f139dd85dcb6479d
treeb0f3ef817ae097ba4fbfa34232cc3f5c45f97c17tree | snapshot
parentee44dabc065912ac17f1ee5f06f12695c90b5482commit | diff
ghostscript: CVE-2017-7207

The mem_get_bits_rectangle function in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial
of service (NULL pointer dereference) via a crafted PostScript
document.

Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7207

Upstream patch:
http://git.ghostscript.com/?p=ghostpdl.git;h=309eca4e0a31ea70dcc844812691439312dad091

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/ghostscript_9.20.bb diff | blob | history
Mirror of the official openembedded-core repository