rtime.felk.cvut.cz Git - coffee/buildroot.git/commit

author	Peter Korsgaard <peter@korsgaard.com>
	Fri, 28 Apr 2017 07:49:30 +0000 (09:49 +0200)
committer	Peter Korsgaard <peter@korsgaard.com>
	Mon, 1 May 2017 06:38:47 +0000 (08:38 +0200)
commit	8879b99a50c3d6977222e289124d8d85765e8632
tree	028d1c147ec18e29f97fc601320b193c3bc05a98	tree \| snapshot
parent	60e7c1075f6c3878a38a217c34d5212af1a19633	commit \| diff

ghostscript: add upstream security fixes for CVE-2017-8291

CVE-2017-8291 - Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass
and remote command execution via a "/OutputFile (%pipe%" substring in a
crafted .eps document that is an input to the gs program, as exploited in
the wild in April 2017.

For more details, see https://bugzilla.suse.com/show_bug.cgi?id=1036453

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 874becfd019bc8f4e126684d08c4164e984b11c3)
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>

package/ghostscript/0003-Bug-697799-have-.eqproc-check-its-parameters.patch	[new file with mode: 0644]	blob
package/ghostscript/0004-Bug-697799-have-.rsdparams-check-its-parameters.patch	[new file with mode: 0644]	blob