]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: bd8d2c2) | patch
ghostscript: fix CVE-2018-17961
authorHongxu Jia <hongxu.jia@windriver.com>
Mon, 5 Nov 2018 08:03:35 +0000 (16:03 +0800)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 6 Nov 2018 11:54:30 +0000 (11:54 +0000)
commit6c32ea184941d292cd8f0eb898e6cc90120ada40
tree65cb0c1bdfba62ecbbab1a93d1d8509a90278c50tree | snapshot
parentbd8d2c25f595e30a3fdcad8a2409913bb8af7c5ccommit | diff
ghostscript: fix CVE-2018-17961

Artifex Ghostscript 9.25 and earlier allows attackers to bypass a
sandbox protection mechanism via vectors involving errorhandler
setup. NOTE: this issue exists because of an incomplete fix for
CVE-2018-17183.

Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-extended/ghostscript/files/0001-Bug-699795-add-operand-checking-to-.setnativefontmap.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/files/0002-Bug-699816-Improve-hiding-of-security-critical-custo.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/files/0003-Bug-699832-add-control-over-hiding-error-handlers.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/files/0004-For-hidden-operators-pass-a-name-object-to-error-han.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/files/0005-Bug-699938-.loadfontloop-must-be-an-operator.patch [new file with mode: 0644] blob
meta/recipes-extended/ghostscript/ghostscript_9.25.bb diff | blob | history
Mirror of the official openembedded-core repository