godotengine/buildroot
1
0
Fork 0
mirror of https://github.com/godotengine/buildroot.git synced 2026-01-04 06:10:16 +03:00
Code Issues Packages Projects Releases Wiki Activity

package/ghostscript: fix CVE-2020-15900

Browse Source 
A memory corruption issue was found in Artifex Ghostscript 9.50 and
9.52. Use of a non-standard PostScript operator can allow overriding of
file access controls. The 'rsearch' calculation for the 'post' size
resulted in a size that was too large, and could underflow to max
uint32_t. This was fixed in commit
5d499272b95a6b890a1397e11d20937de000d31b.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
(cherry picked from commit 13ddfcdce7)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
This commit is contained in:
Fabrice Fontaine
2020-08-10 11:14:41 +02:00
committed by Peter Korsgaard
parent aa1773ea21
commit aa9b2b0abe
2 changed files with 57 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
package/ghostscript/ghostscript.mk
View File

@@ -23,6 +23,9 @@ GHOSTSCRIPT_DEPENDENCIES = \
libpng \
tiff
# 0002-Bug-702582-CVE-2020-15900-Memory-Corruption-in-Ghostscript-9-52.patch
GHOSTSCRIPT_IGNORE_CVES += CVE-2020-15900
# Ghostscript includes (old) copies of several libraries, delete them.
# Inspired by linuxfromscratch:
# http://www.linuxfromscratch.org/blfs/view/svn/pst/gs.html