]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 6c32ea1) | patch
ghostscript: fix CVE-2018-18073
authorHongxu Jia <hongxu.jia@windriver.com>
Mon, 5 Nov 2018 08:03:36 +0000 (16:03 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 6 Nov 2018 11:54:30 +0000 (11:54 +0000)
commit6098c19e1f179896af7013c4b5db3081549c97bc
tree03349714444f010876d773ec16af365a060ab7fbtree | snapshot
parent6c32ea184941d292cd8f0eb898e6cc90120ada40commit | diff
ghostscript: fix CVE-2018-18073

Artifex Ghostscript allows attackers to bypass a sandbox protection
mechanism by leveraging exposure of system operators in the saved
execution stack in an error object.

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-extended/ghostscript/files/0006-Undefine-some-additional-internal-operators.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/files/0007-Bug-699927-don-t-include-operator-arrays-in-execstac.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/ghostscript_9.25.bb diff | blob | history
Mirror of the official openembedded-core repository