From 409df4552271f5bebef2463315f01530519d61b0 Mon Sep 17 00:00:00 2001 From: Richard Purdie Date: Tue, 11 May 2021 13:44:09 +0100 Subject: ghostscript: Exclude CVE-2013-6629 from cve-check The CVE is in the jpeg sources included with ghostscript. We use our own external jpeg library so this doesn't affect us. (From OE-Core rev: 8556d6a6722f21af5e6f97589bec3cbd31da206c) Signed-off-by: Richard Purdie --- meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'meta/recipes-extended/ghostscript') diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb index 9ace037aa9..81f8d615ae 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.54.0.bb @@ -19,6 +19,10 @@ DEPENDS_class-native = "libpng-native" UPSTREAM_CHECK_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases" UPSTREAM_CHECK_REGEX = "(?P\d+(\.\d+)+)\.tar" +# As of ghostscript 9.54.0 the jpeg issue in the CVE is present in the gs jpeg sources +# however we use an external jpeg which doesn't have the issue. +CVE_CHECK_WHITELIST += "CVE-2013-6629" + def gs_verdir(v): return "".join(v.split(".")) -- cgit v1.2.3-54-g00ecf