diff options
author | Catalin Enache <catalin.enache@windriver.com> | 2017-04-05 15:06:51 +0300 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2017-04-10 23:00:42 +0100 |
commit | 6df3fde8e952799b91f3812b4f7929d7a34cddfe (patch) | |
tree | 379da18a1bd83a76fcb4fe23ee0158a4bd8dd2d6 /meta/recipes-extended/ghostscript/ghostscript_9.20.bb | |
parent | 77de4e58bfd291ea98c20609c5524c6983d29d89 (diff) | |
download | poky-6df3fde8e952799b91f3812b4f7929d7a34cddfe.tar.gz |
ghostscript: CVE-2017-7207
The mem_get_bits_rectangle function in Artifex Software, Inc.
Ghostscript 9.20 allows remote attackers to cause a denial
of service (NULL pointer dereference) via a crafted PostScript
document.
Reference:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7207
Upstream patch:
http://git.ghostscript.com/?p=ghostpdl.git;h=309eca4e0a31ea70dcc844812691439312dad091
(From OE-Core rev: 0f22a27c2abd2f2dd9119681f139dd85dcb6479d)
Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/ghostscript/ghostscript_9.20.bb')
-rw-r--r-- | meta/recipes-extended/ghostscript/ghostscript_9.20.bb | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.20.bb b/meta/recipes-extended/ghostscript/ghostscript_9.20.bb index 210e9a73b9..e8fc5dfbb6 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.20.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.20.bb | |||
@@ -31,6 +31,7 @@ SRC_URI = "${SRC_URI_BASE} \ | |||
31 | file://ghostscript-9.02-genarch.patch \ | 31 | file://ghostscript-9.02-genarch.patch \ |
32 | file://objarch.h \ | 32 | file://objarch.h \ |
33 | file://cups-no-gcrypt.patch \ | 33 | file://cups-no-gcrypt.patch \ |
34 | file://CVE-2017-7207.patch \ | ||
34 | " | 35 | " |
35 | 36 | ||
36 | SRC_URI_class-native = "${SRC_URI_BASE} \ | 37 | SRC_URI_class-native = "${SRC_URI_BASE} \ |