[OE-core] [PATCH 1/2] ghostscript: fix for CVE-2019-14811 is same as CVE-2019-14813
Anuj Mittal
anuj.mittal at intel.com
Wed Nov 27 00:53:24 UTC 2019
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14813
https://www.openwall.com/lists/oss-security/2019/08/28/2
Signed-off-by: Anuj Mittal <anuj.mittal at intel.com>
---
.../ghostscript/ghostscript/CVE-2019-14811-0001.patch | 1 +
1 file changed, 1 insertion(+)
diff --git a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14811-0001.patch b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14811-0001.patch
index 3f28555e8a..d4ef0996ec 100644
--- a/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14811-0001.patch
+++ b/meta/recipes-extended/ghostscript/ghostscript/CVE-2019-14811-0001.patch
@@ -12,6 +12,7 @@ handler being used, but nevertheless, prevent access to .forceput from
.setuserparams2.
CVE: CVE-2019-14811
+CVE: CVE-2019-14813
Upstream-Status: Backport [git://git.ghostscript.com/ghostpdl.git]
Signed-off-by: Stefan Ghinea <stefan.ghinea at windriver.com>
--
2.21.0
More information about the Openembedded-core
mailing list