path: root/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14869-0001.patch
Commit message | Author | Age | Files | Lines
* ghostscript: update 9.50 -> 9.52 | Alexander Kanavin | 2020-05-03 | 1 | -70/+0
Drop all custom objarch.h files; ghostscript nowadays generates that with autoconf.
Freetype can no longer be disabled.
Building out of source tree is broken.

(From OE-Core rev: bb699a99b2e99a868520430c614d55ea3004427c)

Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
* ghostscript: CVE-2019-14869 | Stefan Ghinea | 2019-11-25 | 1 | -0/+70
A flaw was found in all versions of ghostscript 9.x before 9.28, where the `.charkeys` procedure did not properly secure its privileged calls, enabling scripts to bypass `-dSAFER` restrictions. An attacker could abuse this flaw by creating a specially crafted PostScript file that could escalate privileges within Ghostscript and access files outside of restricted areas or execute commands.

References:
https://nvd.nist.gov/vuln/detail/CVE-2019-14869

Upstream patches:
https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=485904

(From OE-Core rev: 0bb88ac63b4e1728373c6425477a32f7a6362b2c)

Signed-off-by: Stefan Ghinea <stefan.ghinea@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>