[OE-core] [zeus][PATCH 06/10] ghostscript: fix for CVE-2019-14811 is same as CVE-2019-14813
Anuj Mittal
anuj.mittal at intel.com
Wed Dec 4 13:31:47 UTC 2019
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813
https://www.openwall.com/lists/oss-security/2019/08/28/2
(From OE-Core rev: afef29326b4332fc87c53a5d9d43288cddcdd944)
Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
Signed-off-by: Ross Burton <ross.burton at intel.com>
Signed-off-by: Richard Purdie <richard.purdie at linuxfoundation.org>
Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
---
.../ghostscript/ghostscript/CVE-2019-14811-0001.patch | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14811-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14811-0001.patch
index 3f28555e8a..d4ef0996ec 100644
--- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14811-0001.patch
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14811-0001.patch
@@ -12,6 +12,7 @@ handler being used, but nevertheless, prevent access to .forceput from
.setuserparams2.
CVE: CVE-2019-14811
+CVE: CVE-2019-14813
Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
Signed-off-by: Stefan Ghinea <stefan.ghinea at windriver.com>
--
2.21.0
More information about the Openembedded-core
mailing list