On Sun, Mar 3, 2024 at 3:50 PM Vijay Anusuri <[email protected]> wrote:
>
> Hi Steve,
>
> I've sent mail to [email protected] to update the information.
>
> Now it was updated in https://nvd.nist.gov/vuln/detail/CVE-2020-36773

Thanks! Steve > On Thu, Feb 8, 2024 at 8:40 PM Steve Sakoman <[email protected]> wrote: >> >> On Wed, Feb 7, 2024 at 8:42 PM Vijay Anusuri via >> lists.openembedded.org <[email protected]> >> wrote: >> > >> > From: Vijay Anusuri <[email protected]> >> > >> > Artifex Ghostscript before 9.53.0 has an out-of-bounds write and >> > use-after-free in devices/vector/gdevtxtw.c (for txtwrite) because a >> > single character code in a PDF document can map to more than one Unicode >> > code point (e.g., for a ligature). >> > >> > Reference: https://ubuntu.com/security/CVE-2020-36773 >> > >> > Signed-off-by: Vijay Anusuri <[email protected]> >> > --- >> > meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb | 4 ++++ >> > 1 file changed, 4 insertions(+) >> > >> > diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb >> > b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb >> > index e0d1e4618f..cc06d092c1 100644 >> > --- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb >> > +++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb >> > @@ -26,6 +26,10 @@ CVE_CHECK_IGNORE += "CVE-2013-6629" >> > # Issue in the GhostPCL. GhostPCL not part of this GhostScript recipe. >> > CVE_CHECK_IGNORE += "CVE-2023-38560" >> > >> > +# This CVE affects Ghostscript before 9.53.0 >> > +# https://ubuntu.com/security/CVE-2020-36773 >> > +CVE_CHECK_IGNORE += "CVE-2020-36773" >> >> When there is an error in the upstream database it is preferred that >> you send an email to [email protected] requesting an update >> (giving links that justify the change to make it easy for them to >> research) >> >> They are usually quite responsive, and this is much preferred to >> carrying an IGNORE in our metadata. >> >> Thanks! >> >> Steve >> >> > + >> > def gs_verdir(v): >> > return "".join(v.split(".")) >> > >> > -- >> > 2.25.1 >> > >> > >> > >> >
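Review bot: the two comment lines added above CVE_CHECK_IGNORE += "CVE-2020-36773" give the affected range (before 9.53.0) and a tracker link, but do not say why a 9.55.0 recipe needs an ignore entry at all. If the reason is that the CVE database's version data for this CVE is wrong, state that in the comment so the entry can be dropped once the record is corrected. Better still, as the reply in this thread asks, get the database record fixed and leave this IGNORE out of the metadata.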
View/Reply Online (#196798): https://lists.openembedded.org/g/openembedded-core/message/196798
