ghostscript: ignore CVE-2024-29507

Fix for this CVE is [3] (per [1] and [2]). It fixes cidfsubstfont handling which is not present in 9.55.0 yet. It was introduced (as cidsubstpath) in 9.56.0 via [4] and later modified to cidfsubstfont in [5]. Since this recipe has version 9.55.0, mark it as not affected yet. [1] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7745dbe24514710b0cfba925e608e607dee9eb0f [2] https://nvd.nist.gov/vuln/detail/CVE-2024-29507 [3] https://security-tracker.debian.org/tracker/CVE-2024-29507 [4] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=82efed6cae8b0f2a3d10593b21083be1e7b1ab23 [5] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=4422012f6b40f0627d3527dba92f3a1ba30017d3 (From OE-Core rev: 5c9f3c244971aadee65a98d83668e3d5d63825a0) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Peter Marko <peter.marko@siemens.com> 2025-05-03 20:56:35 +0200
committer: Steve Sakoman <steve@sakoman.com> 2025-05-14 06:38:21 -0700
commit: 73c2187fbc70bf5ddf7a9c4cb212ad1ff9a63885 (patch)
tree: 57e9c441380ea3cea58626889dd989e82ff8fc7b
parent: 235e74ba096c3d3f9b86e81d60fb9e9f6424df86 (diff)
download: poky-73c2187fbc70bf5ddf7a9c4cb212ad1ff9a63885.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index fd0506f438..e872fbe88c 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -25,7 +25,7 @@ CVE_CHECK_IGNORE += "CVE-2013-6629"
 # Issue in the GhostPCL. GhostPCL not part of this GhostScript recipe.
 CVE_CHECK_IGNORE += "CVE-2023-38560 CVE-2024-46954"
 # Vulnerable code was introduced in 9.56.0, so 9.55.0 is not affected yet
-CVE_CHECK_IGNORE += "CVE-2025-27833"
+CVE_CHECK_IGNORE += "CVE-2024-29507 CVE-2025-27833"
 # Only impacts codepaths relevant for Windows builds
 CVE_CHECK_IGNORE += "CVE-2025-27837"
author	Peter Marko <peter.marko@siemens.com>	2025-05-03 20:56:35 +0200
committer	Steve Sakoman <steve@sakoman.com>	2025-05-14 06:38:21 -0700
commit	73c2187fbc70bf5ddf7a9c4cb212ad1ff9a63885 (patch)
tree	57e9c441380ea3cea58626889dd989e82ff8fc7b
parent	235e74ba096c3d3f9b86e81d60fb9e9f6424df86 (diff)
download	poky-73c2187fbc70bf5ddf7a9c4cb212ad1ff9a63885.tar.gz

diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb index fd0506f438..e872fbe88c 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -25,7 +25,7 @@ CVE_CHECK_IGNORE += "CVE-2013-6629"
25	# Issue in the GhostPCL. GhostPCL not part of this GhostScript recipe.	25	# Issue in the GhostPCL. GhostPCL not part of this GhostScript recipe.
26	CVE_CHECK_IGNORE += "CVE-2023-38560 CVE-2024-46954"	26	CVE_CHECK_IGNORE += "CVE-2023-38560 CVE-2024-46954"
27	# Vulnerable code was introduced in 9.56.0, so 9.55.0 is not affected yet	27	# Vulnerable code was introduced in 9.56.0, so 9.55.0 is not affected yet
28	CVE_CHECK_IGNORE += "CVE-2025-27833"	28	CVE_CHECK_IGNORE += "CVE-2024-29507 CVE-2025-27833"
29	# Only impacts codepaths relevant for Windows builds	29	# Only impacts codepaths relevant for Windows builds
30	CVE_CHECK_IGNORE += "CVE-2025-27837"	30	CVE_CHECK_IGNORE += "CVE-2025-27837"
31		31