diff options
| author |   Hongxu Jia <hongxu.jia@windriver.com> | 2018-11-05 16:03:36 +0800 |
|---|---|---|
| committer |   Richard Purdie <richard.purdie@linuxfoundation.org> | 2018-11-06 11:54:30 +0000 |
| commit | 6098c19e1f179896af7013c4b5db3081549c97bc (patch) | |
| tree | 03349714444f010876d773ec16af365a060ab7fb /meta/recipes-extended/ghostscript/ghostscript_9.25.bb | |
| parent | 6c32ea184941d292cd8f0eb898e6cc90120ada40 (diff) | |
| download | openembedded-core-contrib-6098c19e1f179896af7013c4b5db3081549c97bc.tar.gz | |
ghostscript: fix CVE-2018-18073
Artifex Ghostscript allows attackers to bypass a sandbox protection
mechanism by leveraging exposure of system operators in the saved
execution stack in an error object.
Signed-off-by: Hongxu Jia <hongxu.jia@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta/recipes-extended/ghostscript/ghostscript_9.25.bb')
| -rw-r--r-- | meta/recipes-extended/ghostscript/ghostscript_9.25.bb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.25.bb b/meta/recipes-extended/ghostscript/ghostscript_9.25.bb index 55251a55d4..28521f3c4b 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.25.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.25.bb @@ -30,6 +30,8 @@ SRC_URI_BASE = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/d file://0003-Bug-699832-add-control-over-hiding-error-handlers.patch \ file://0004-For-hidden-operators-pass-a-name-object-to-error-han.patch \ file://0005-Bug-699938-.loadfontloop-must-be-an-operator.patch \ + file://0006-Undefine-some-additional-internal-operators.patch \ + file://0007-Bug-699927-don-t-include-operator-arrays-in-execstac.patch \ " SRC_URI = "${SRC_URI_BASE} \ |