ghostscript: fix CVE-2023-36664 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Archana Polampalli <archana.polampalli@windriver.com>	2023-07-18 11:34:43 +0000
committer	Steve Sakoman <steve@sakoman.com>	2023-07-26 05:20:36 -1000
commit	ba1a77347ca734f46bb2a6342d1c8b479120894a (patch)
tree	a3561e5c53322bd18a737b584af8d64b8c26f189 /scripts/lib/devtool/build_image.py
parent	81874924a71fb6061ae1eb27186bab8f74dea60c (diff)
download	poky-ba1a77347ca734f46bb2a6342d1c8b479120894a.tar.gz

ghostscript: fix CVE-2023-36664

Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-36664 Upstream patches: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e65eeae225c7d02d447de5abaf4a8e6d234fcea https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb342fdb60391073a69147cb71af1ac416a81099 (From OE-Core rev: cd3921215cb782ecc9aeda5bb3b76863911bcb61) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'scripts/lib/devtool/build_image.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: