projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 9b367a0) | patch
package/ghostscript: fix CVE-2020-15900
authorFabrice Fontaine <fontaine.fabrice@gmail.com>
Mon, 10 Aug 2020 09:14:41 +0000 (11:14 +0200)
committerThomas Petazzoni <thomas.petazzoni@bootlin.com>
Thu, 13 Aug 2020 20:43:59 +0000 (22:43 +0200)
commit13ddfcdce75d4da053f20b1aefa27e7303bcdbf5
tree327ac37d49f80f1f5b7a4b82b545400b87ae77e9tree
parent9b367a00337e8a85e81e3faf24793249bc214bbfcommit | diff
package/ghostscript: fix CVE-2020-15900

A memory corruption issue was found in Artifex Ghostscript 9.50 and
9.52. Use of a non-standard PostScript operator can allow overriding of
file access controls. The 'rsearch' calculation for the 'post' size
resulted in a size that was too large, and could underflow to max
uint32_t. This was fixed in commit
5d499272b95a6b890a1397e11d20937de000d31b.

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
package/ghostscript/0002-Bug-702582-CVE-2020-15900-Memory-Corruption-in-Ghostscript-9-52.patch [new file with mode: 0644] blob
package/ghostscript/ghostscript.mk diff | blob | history