summaryrefslogtreecommitdiffstats
path: root/meta-oe/recipes-support/poppler/poppler_22.04.0.bb
diff options
context:
space:
mode:
authorYogita Urade <yogita.urade@windriver.com>2025-01-09 12:25:26 +0000
committerArmin Kuster <akuster808@gmail.com>2025-01-22 19:16:45 -0500
commite9e496dc64ed0abf602ea103ee10e6d3ffd918b9 (patch)
tree65019c949efb0c760184013f608f27bb6803827a /meta-oe/recipes-support/poppler/poppler_22.04.0.bb
parent9d2f35c8ce8c65434f8c91c3bec927f38334b76c (diff)
downloadmeta-openembedded-e9e496dc64ed0abf602ea103ee10e6d3ffd918b9.tar.gz
poppler: fix CVE-2024-6239
A flaw was found in the Poppler's Pdfinfo utility. This issue occurs when using -dests parameter with pdfinfo utility. By using certain malformed input files, an attacker could cause the utility to crash, leading to a denial of service. CVE-2024-6239-0001 is the dependent commit and CVE-2024-6239-0002 is the actual CVE fix. fix indent issue in poppler_22.04.0.bb file. Reference: https://nvd.nist.gov/vuln/detail/CVE-2024-6239 Upstream patches: https://gitlab.freedesktop.org/poppler/poppler/-/commit/0554731052d1a97745cb179ab0d45620589dd9c4 https://gitlab.freedesktop.org/poppler/poppler/-/commit/fc1c711cb5f769546c6b31cc688bf0ee7f0c1dbc Signed-off-by: Yogita Urade <yogita.urade@windriver.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-oe/recipes-support/poppler/poppler_22.04.0.bb')
-rw-r--r--meta-oe/recipes-support/poppler/poppler_22.04.0.bb4
1 files changed, 3 insertions, 1 deletions
diff --git a/meta-oe/recipes-support/poppler/poppler_22.04.0.bb b/meta-oe/recipes-support/poppler/poppler_22.04.0.bb
index 04106f11aa..f49571caa9 100644
--- a/meta-oe/recipes-support/poppler/poppler_22.04.0.bb
+++ b/meta-oe/recipes-support/poppler/poppler_22.04.0.bb
@@ -7,7 +7,9 @@ SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.xz \
7 file://0001-Do-not-overwrite-all-our-build-flags.patch \ 7 file://0001-Do-not-overwrite-all-our-build-flags.patch \
8 file://basename-include.patch \ 8 file://basename-include.patch \
9 file://0001-JBIG2Stream-Fix-crash-on-broken-file.patch \ 9 file://0001-JBIG2Stream-Fix-crash-on-broken-file.patch \
10 file://CVE-2023-34872.patch \ 10 file://CVE-2023-34872.patch \
11 file://CVE-2024-6239-0001.patch \
12 file://CVE-2024-6239-0002.patch \
11 " 13 "
12SRC_URI[sha256sum] = "813fb4b90e7bda63df53205c548602bae728887a60f4048aae4dbd9b1927deff" 14SRC_URI[sha256sum] = "813fb4b90e7bda63df53205c548602bae728887a60f4048aae4dbd9b1927deff"
13 15