From: Ross Burton <[email protected]> The ghostscript recipe isn't vulnerable to CVE-2023-38560, as this is an issue in the GhostPCL release, whereas this recipe is the Ghostscript release.
Signed-off-by: Ross Burton <[email protected]> --- meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb b/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb index 6b5f443db06..0ddf708f936 100644 --- a/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb +++ b/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb @@ -67,3 +67,5 @@ COMPATIBLE_HOST = "^(?!arc).*" # some entries in NVD uses gpl_ghostscript CVE_PRODUCT = "ghostscript gpl_ghostscript" + +CVE_STATUS[CVE-2023-38560] = "not-applicable-config: PCL isn't part of the Ghostscript release" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#185613): https://lists.openembedded.org/g/openembedded-core/message/185613 Mute This Topic: https://lists.openembedded.org/mt/100604264/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
