[Buildroot] [PATCH 1/1] package/ghostscript: fix CVE-2020-15900
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Thu Aug 13 20:54:10 UTC 2020
On Mon, 10 Aug 2020 11:14:41 +0200
Fabrice Fontaine <fontaine.fabrice at gmail.com> wrote:
> A memory corruption issue was found in Artifex Ghostscript 9.50 and
> 9.52. Use of a non-standard PostScript operator can allow overriding of
> file access controls. The 'rsearch' calculation for the 'post' size
> resulted in a size that was too large, and could underflow to max
> uint32_t. This was fixed in commit
> 5d499272b95a6b890a1397e11d20937de000d31b.
>
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> ---
> ...emory-Corruption-in-Ghostscript-9-52.patch | 54 +++++++++++++++++++
> package/ghostscript/ghostscript.mk | 3 ++
> 2 files changed, 57 insertions(+)
> create mode 100644 package/ghostscript/0002-Bug-702582-CVE-2020-15900-Memory-Corruption-in-Ghostscript-9-52.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com