]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 53c39f2) | patch
ghostscript: CVE-2017-7207
authorCatalin Enache <catalin.enache@windriver.com>
Wed, 5 Apr 2017 12:06:51 +0000 (15:06 +0300)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 18 May 2017 12:04:50 +0000 (13:04 +0100)
commit3497bb564fa3bb1d6b938630cd660ee77bec5ab7
tree3cf4d32825f54e3c6bd04547b039f820e54b4a2btree | snapshot
parent53c39f29578a4468e7f64a7403e77c28d951de6acommit | diff
ghostscript: CVE-2017-7207

The mem_get_bits_rectangle function in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial
of service (NULL pointer dereference) via a crafted PostScript
document.

Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7207

Upstream patch:
http://git.ghostscript.com/?p=ghostpdl.git;h=309eca4e0a31ea70dcc844812691439312dad091

(From OE-Core rev: 0f22a27c2abd2f2dd9119681f139dd85dcb6479d)

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
meta/recipes-extended/ghostscript/ghostscript/CVE-2017-7207.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/ghostscript_9.19.bb diff | blob | history
Mirror of the official openembedded-core repository