projects / buildroot.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 051e985) | patch
ghostscript: add upstream security fixes for CVE-2017-8291
authorPeter Korsgaard <peter@korsgaard.com>
Fri, 28 Apr 2017 07:49:30 +0000 (09:49 +0200)
committerPeter Korsgaard <peter@korsgaard.com>
Fri, 28 Apr 2017 12:15:32 +0000 (14:15 +0200)
commit874becfd019bc8f4e126684d08c4164e984b11c3
treefdc537e46077a033dd5058e1a8ba8ba77e10b978tree
parent051e9851f499fb2982591531e210c91563232c63commit | diff
ghostscript: add upstream security fixes for CVE-2017-8291

CVE-2017-8291 - Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass
and remote command execution via a "/OutputFile (%pipe%" substring in a
crafted .eps document that is an input to the gs program, as exploited in
the wild in April 2017.

For more details, see https://bugzilla.suse.com/show_bug.cgi?id=1036453

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
package/ghostscript/0003-Bug-697799-have-.eqproc-check-its-parameters.patch [new file with mode: 0644] blob
package/ghostscript/0004-Bug-697799-have-.rsdparams-check-its-parameters.patch [new file with mode: 0644] blob