]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: a339dee) | patch
ghostscript: fix CVE-2021-45949
authorMinjae Kim <flowergom@gmail.com>
Fri, 28 Jan 2022 08:54:45 +0000 (08:54 +0000)
committerSteve Sakoman <steve@sakoman.com>
Mon, 7 Feb 2022 14:40:13 +0000 (04:40 -1000)
commit5fb43ed64ae32abe4488f2eb37c1b82f97f83db0
tree04cec4c12776786a8fa7b45cbd479fee7b523c03tree | snapshot
parenta339dee50be98931613e5525ccd2a623bcae7fd1commit | diff
ghostscript: fix CVE-2021-45949

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish
(called from sampled_data_continue and interp).

To apply this CVE-2021-45959 patch,
the check-stack-limits-after-function-evalution.patch should be applied first.

References:
https://nvd.nist.gov/vuln/detail/CVE-2021-45949

Signed-off-by: Minjae Kim <flowergom@gmail.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-extended/ghostscript/ghostscript/CVE-2021-45949.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/ghostscript/check-stack-limits-after-function-evalution.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/ghostscript_9.52.bb diff | blob | history
Mirror of the official openembedded-core repository