ghostscript: CVE-2017-9727, -9835, -11714

CVE-2017-9727: make bounds check in gx_ttfReader__Read more robust
CVE-2017-9835: bounds check the array allocations methods
CVE-2017-11714: prevent trying to reloc a freed object

(From OE-Core rev: 2eae91f9fa1cfdd3f0e6111956c8f193fd0db69f)

(From OE-Core rev: 1c9e3318791e36d6bc851192a7640ee639f61f23)

Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

1 files changed, 3 insertions, 0 deletions

diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.20.bb b/meta/recipes-extended/ghostscript/ghostscript_9.20.bb
index a7fb467fc5..e1d9700ab5 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.20.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.20.bb
@@ -45,6 +45,9 @@ SRC_URI = "${SRC_URI_BASE} \
            file://CVE-2017-9612.patch \
            file://CVE-2017-9739.patch \
            file://CVE-2017-9726.patch \
+           file://CVE-2017-9727.patch \
+           file://CVE-2017-9835.patch \
+           file://CVE-2017-11714.patch \
            "
 
 SRC_URI_class-native = "${SRC_URI_BASE} \