home-assistant
/
buildroot
mirror of https://github.com/home-assistant/buildroot.git
0
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
buildroot/package/ghostscript
History
Fabrice Fontaine cefd322fa8 package/ghostscript: security bump to version 9.56.1 
Fix CVE-2022-2085: A NULL pointer dereference vulnerability was found in
Ghostscript, which occurs when it tries to render a large number of bits
in memory. When allocating a buffer device, it relies on an
init_device_procs defined for the device that uses it as a prototype
that depends upon the number of bits per pixel. For bpp > 64,
mem_x_device is used and does not have an init_device_procs defined.
This flaw allows an attacker to parse a large number of bits (more than
64 bits per pixel), which triggers a NULL pointer dereference flaw,
causing an application to crash.

Drop patch (already in version)

https://www.ghostscript.com/doc/9.56.0/News.htm
https://www.ghostscript.com/doc/9.56.1/News.htm

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit df91a970b6)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
 		2022-07-22 09:45:55 +02:00
..
Config.in
ghostscript.hash package/ghostscript: security bump to version 9.56.1 2022-07-22 09:45:55 +02:00
ghostscript.mk package/ghostscript: security bump to version 9.56.1 2022-07-22 09:45:55 +02:00