ghostscript: ignore CVE-2024-29507 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Peter Marko <peter.marko@siemens.com>	2025-05-03 20:56:35 +0200
committer	Steve Sakoman <steve@sakoman.com>	2025-05-14 06:38:21 -0700
commit	73c2187fbc70bf5ddf7a9c4cb212ad1ff9a63885 (patch)
tree	57e9c441380ea3cea58626889dd989e82ff8fc7b /scripts/lib/scriptpath.py
parent	235e74ba096c3d3f9b86e81d60fb9e9f6424df86 (diff)
download	poky-73c2187fbc70bf5ddf7a9c4cb212ad1ff9a63885.tar.gz

ghostscript: ignore CVE-2024-29507

Fix for this CVE is [3] (per [1] and [2]). It fixes cidfsubstfont handling which is not present in 9.55.0 yet. It was introduced (as cidsubstpath) in 9.56.0 via [4] and later modified to cidfsubstfont in [5]. Since this recipe has version 9.55.0, mark it as not affected yet. [1] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7745dbe24514710b0cfba925e608e607dee9eb0f [2] https://nvd.nist.gov/vuln/detail/CVE-2024-29507 [3] https://security-tracker.debian.org/tracker/CVE-2024-29507 [4] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=82efed6cae8b0f2a3d10593b21083be1e7b1ab23 [5] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=4422012f6b40f0627d3527dba92f3a1ba30017d3 (From OE-Core rev: 5c9f3c244971aadee65a98d83668e3d5d63825a0) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/scriptpath.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: