summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript/CVE-2023-46361.patch32
-rw-r--r--meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb1
2 files changed, 33 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-46361.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-46361.patch
new file mode 100644
index 0000000000..d91a94e9d0
--- /dev/null
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2023-46361.patch
@@ -0,0 +1,32 @@
1From 44ca5b9d023e1de33fcb8984c85bb29619c4db7e Mon Sep 17 00:00:00 2001
2From: Sebastian Rasmussen <sebras@gmail.com>
3Date: Sun, 5 Nov 2023 12:21:52 +0100
4Subject: [PATCH] Bug 705041: jbig2dec: Avoid uninitialized allocator in
5 command-line tool.
6
7This fixes CVE-2023-46361.
8
9CVE: CVE-2023-46361
10
11Upstream-Status: Backport [https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=44ca5b9d023e1de33fcb8984c85bb29619c4db7e]
12
13Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com>
14---
15 jbig2dec/jbig2dec.c | 2 +-
16 1 file changed, 1 insertion(+), 1 deletion(-)
17
18diff --git a/jbig2dec/jbig2dec.c b/jbig2dec/jbig2dec.c
19index dc1fd56..78c8e89 100644
20--- a/jbig2dec/jbig2dec.c
21+++ b/jbig2dec/jbig2dec.c
22@@ -567,7 +567,7 @@ main(int argc, char **argv)
23 {
24 jbig2dec_params_t params;
25 jbig2dec_error_callback_state_t error_callback_state;
26- jbig2dec_allocator_t allocator_;
27+ jbig2dec_allocator_t allocator_ = { 0 };
28 jbig2dec_allocator_t *allocator = &allocator_;
29 Jbig2Ctx *ctx = NULL;
30 FILE *f = NULL, *f_page = NULL;
31--
322.40.0
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index 969e637f5e..9f368a291f 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -56,6 +56,7 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d
56 file://CVE-2024-29506.patch \ 56 file://CVE-2024-29506.patch \
57 file://CVE-2024-29508-1.patch \ 57 file://CVE-2024-29508-1.patch \
58 file://CVE-2024-29508-2.patch \ 58 file://CVE-2024-29508-2.patch \
59 file://CVE-2023-46361.patch \
59" 60"
60 61
61SRC_URI = "${SRC_URI_BASE} \ 62SRC_URI = "${SRC_URI_BASE} \