ghostscript: fix CVE-2021-45949 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Minjae Kim <flowergom@gmail.com>	2022-02-28 11:38:38 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-03-10 16:39:45 +0000
commit	f8d05252d1f99c49208e07133d8534fab70af37f (patch)
tree	f22934cbfc11aded4c6d6e7db9685ca26e0ebf31 /meta/recipes-extended/rpcbind
parent	b2bd31b9cc10165719d132073ddaa8e93298f633 (diff)
download	poky-f8d05252d1f99c49208e07133d8534fab70af37f.tar.gz

ghostscript: fix CVE-2021-45949

Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overflow in sampled_data_finish (called from sampled_data_continue and interp). To apply this CVE-2021-45959 patch, the check-stack-limits-after-function-evalution.patch should be applied first. References: https://nvd.nist.gov/vuln/detail/CVE-2021-45949 (From OE-Core rev: 5fb43ed64ae32abe4488f2eb37c1b82f97f83db0) (From OE-Core rev: 9b0199a1d8ec3c7bbfd2022932d524d61f2c6832) Signed-off-by: Minjae Kim <flowergom@gmail.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-extended/rpcbind')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: