From: Richard Purdie <[email protected]> The CVE is in the jpeg sources included with ghostscript. We use our own external jpeg library so this doesn't affect us.
Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit 8556d6a6722f21af5e6f97589bec3cbd31da206c) Signed-off-by: Steve Sakoman <[email protected]> --- meta/recipes-extended/ghostscript/ghostscript_9.52.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.52.bb b/meta/recipes-extended/ghostscript/ghostscript_9.52.bb index 65135f5821..32346e6811 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_9.52.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_9.52.bb @@ -19,6 +19,10 @@ DEPENDS_class-native = "libpng-native" UPSTREAM_CHECK_URI = "https://github.com/ArtifexSoftware/ghostpdl-downloads/releases"; UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar" +# The jpeg issue in the CVE is present in the gs jpeg sources +# however we use an external jpeg which doesn't have the issue. +CVE_CHECK_WHITELIST += "CVE-2013-6629" + def gs_verdir(v): return "".join(v.split(".")) -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#151958): https://lists.openembedded.org/g/openembedded-core/message/151958 Mute This Topic: https://lists.openembedded.org/mt/82887677/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
