diff options
| author | Yogita Urade <yogita.urade@windriver.com> | 2025-01-09 12:25:26 +0000 |
|---|---|---|
| committer | Armin Kuster <akuster808@gmail.com> | 2025-01-22 19:16:45 -0500 |
| commit | e9e496dc64ed0abf602ea103ee10e6d3ffd918b9 (patch) | |
| tree | 65019c949efb0c760184013f608f27bb6803827a /meta-oe/recipes-support/poppler/poppler_22.04.0.bb | |
| parent | 9d2f35c8ce8c65434f8c91c3bec927f38334b76c (diff) | |
| download | meta-openembedded-e9e496dc64ed0abf602ea103ee10e6d3ffd918b9.tar.gz | |
poppler: fix CVE-2024-6239
A flaw was found in the Poppler's Pdfinfo utility. This issue
occurs when using -dests parameter with pdfinfo utility. By
using certain malformed input files, an attacker could cause
the utility to crash, leading to a denial of service.
CVE-2024-6239-0001 is the dependent commit and CVE-2024-6239-0002
is the actual CVE fix.
fix indent issue in poppler_22.04.0.bb file.
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2024-6239
Upstream patches:
https://gitlab.freedesktop.org/poppler/poppler/-/commit/0554731052d1a97745cb179ab0d45620589dd9c4
https://gitlab.freedesktop.org/poppler/poppler/-/commit/fc1c711cb5f769546c6b31cc688bf0ee7f0c1dbc
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Diffstat (limited to 'meta-oe/recipes-support/poppler/poppler_22.04.0.bb')
| -rw-r--r-- | meta-oe/recipes-support/poppler/poppler_22.04.0.bb | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/meta-oe/recipes-support/poppler/poppler_22.04.0.bb b/meta-oe/recipes-support/poppler/poppler_22.04.0.bb index 04106f11aa..f49571caa9 100644 --- a/meta-oe/recipes-support/poppler/poppler_22.04.0.bb +++ b/meta-oe/recipes-support/poppler/poppler_22.04.0.bb | |||
| @@ -7,7 +7,9 @@ SRC_URI = "http://poppler.freedesktop.org/${BP}.tar.xz \ | |||
| 7 | file://0001-Do-not-overwrite-all-our-build-flags.patch \ | 7 | file://0001-Do-not-overwrite-all-our-build-flags.patch \ |
| 8 | file://basename-include.patch \ | 8 | file://basename-include.patch \ |
| 9 | file://0001-JBIG2Stream-Fix-crash-on-broken-file.patch \ | 9 | file://0001-JBIG2Stream-Fix-crash-on-broken-file.patch \ |
| 10 | file://CVE-2023-34872.patch \ | 10 | file://CVE-2023-34872.patch \ |
| 11 | file://CVE-2024-6239-0001.patch \ | ||
| 12 | file://CVE-2024-6239-0002.patch \ | ||
| 11 | " | 13 | " |
| 12 | SRC_URI[sha256sum] = "813fb4b90e7bda63df53205c548602bae728887a60f4048aae4dbd9b1927deff" | 14 | SRC_URI[sha256sum] = "813fb4b90e7bda63df53205c548602bae728887a60f4048aae4dbd9b1927deff" |
| 13 | 15 | ||
