mirror of
https://github.com/godotengine/buildroot.git
synced 2026-01-04 06:10:16 +03:00
package/ghostscript: security bump to version 9.53.0
- Use tar.gz as SHA512SUMS does not contain the hash for tar.xz
- Fix CVE-2020-15900: A memory corruption issue was found in Artifex
Ghostscript 9.50 and 9.52. Use of a non-standard PostScript operator
can allow overriding of file access controls. The 'rsearch'
calculation for the 'post' size resulted in a size that was too large,
and could underflow to max uint32_t.
https://www.ghostscript.com/doc/9.53.0/News.htm
Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit cae8be20ed)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Fabrice Fontaine
committed by
Peter Korsgaard
Peter Korsgaard
parent
3c547c1827
commit
a052a9dfc3
@@ -1,5 +1,5 @@
|
||||
# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs952/SHA512SUMS
|
||||
sha512 4c4a33884e1138bad553eee61fac1a72158297ad5c2ce46a4b36150848dea8158affaf2b902f4ff03e4f72ebc8154c198b618112624f409230a610b7648faa67 ghostscript-9.52.tar.xz
|
||||
# From https://github.com/ArtifexSoftware/ghostpdl-downloads/releases/download/gs9530/SHA512SUMS
|
||||
sha512 fe73842339bee7aa6d0f177be7733b97b9394dafe69b122645c9c80de763214ffb6735b961ff5bf97146b29c2d0e9b4b9cfaee60baf77a1c280bcf651d789982 ghostscript-9.53.0.tar.gz
|
||||
|
||||
# Hash for license file:
|
||||
sha256 6f852249f975287b3efd43a5883875e47fa9f3125e2f1b18b5c09517ac30ecf2 LICENSE
|
||||
|
||||
Reference in New Issue
Block a user