summaryrefslogtreecommitdiffstats
path: root/scripts/lib/devtool/upgrade.py
diff options
context:
space:
mode:
authorArchana Polampalli <archana.polampalli@windriver.com>2023-07-18 11:34:43 +0000
committerSteve Sakoman <steve@sakoman.com>2023-07-26 05:20:36 -1000
commitba1a77347ca734f46bb2a6342d1c8b479120894a (patch)
treea3561e5c53322bd18a737b584af8d64b8c26f189 /scripts/lib/devtool/upgrade.py
parent81874924a71fb6061ae1eb27186bab8f74dea60c (diff)
downloadpoky-ba1a77347ca734f46bb2a6342d1c8b479120894a.tar.gz
ghostscript: fix CVE-2023-36664
Artifex Ghostscript through 10.01.2 mishandles permission validation for pipe devices (with the %pipe% prefix or the | pipe character prefix). Reference: https://nvd.nist.gov/vuln/detail/CVE-2023-36664 Upstream patches: https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=5e65eeae225c7d02d447de5abaf4a8e6d234fcea https://git.ghostscript.com/?p=ghostpdl.git;a=commitdiff;h=fb342fdb60391073a69147cb71af1ac416a81099 (From OE-Core rev: cd3921215cb782ecc9aeda5bb3b76863911bcb61) Signed-off-by: Archana Polampalli <archana.polampalli@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'scripts/lib/devtool/upgrade.py')
0 files changed, 0 insertions, 0 deletions
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2025-11-14 09:27:12 +0000