From 6df3fde8e952799b91f3812b4f7929d7a34cddfe Mon Sep 17 00:00:00 2001 From: Catalin Enache Date: Wed, 5 Apr 2017 15:06:51 +0300 Subject: ghostscript: CVE-2017-7207 The mem_get_bits_rectangle function in Artifex Software, Inc. Ghostscript 9.20 allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted PostScript document. Reference: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7207 Upstream patch: http://git.ghostscript.com/?p=ghostpdl.git;h=309eca4e0a31ea70dcc844812691439312dad091 (From OE-Core rev: 0f22a27c2abd2f2dd9119681f139dd85dcb6479d) Signed-off-by: Catalin Enache Signed-off-by: Richard Purdie
---
 meta/recipes-extended/ghostscript/ghostscript_9.20.bb | 1 + 1 file changed, 1 insertion(+) (limited to 'meta/recipes-extended/ghostscript/ghostscript_9.20.bb')
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.20.bb b/meta/recipes-extended/ghostscript/ghostscript_9.20.bb
index 210e9a73b9..e8fc5dfbb6 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.20.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.20.bb
@@ -31,6 +31,7 @@ SRC_URI = "${SRC_URI_BASE} \
 file://ghostscript-9.02-genarch.patch \
 file://objarch.h \
 file://cups-no-gcrypt.patch \
+ file://CVE-2017-7207.patch \
 "
 
 SRC_URI_class-native = "${SRC_URI_BASE} \
-- cgit v1.2.3-54-g00ecf
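Review bot: The new `file://CVE-2017-7207.patch \` entry is added to the target `SRC_URI` only, while the `SRC_URI_class-native = "${SRC_URI_BASE} \` assignment on the last context line is a separate list that this hunk does not touch. Unless `SRC_URI_BASE` (not visible here) already carries the fix, ghostscript-native would presumably still build with the unpatched `mem_get_bits_rectangle`; either add the same entry to the native list or state in the commit message why native is deliberately left out. The native assignment continues outside the hunk, so its full contents cannot be confirmed from this view. The patch file itself is not shown in this path-limited diff; it is worth checking that its header carries `CVE: CVE-2017-7207` and an `Upstream-Status: Backport` line pointing at the upstream commit, so CVE tracking can match it.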