[Buildroot] [PATCH 1/1] package/ghostscript: security bump to version 9.52

Thomas Petazzoni thomas.petazzoni at bootlin.com
Tue Aug 18 14:42:22 UTC 2020


On Mon, 17 Aug 2020 20:51:09 +0200
Fabrice Fontaine <fontaine.fabrice at gmail.com> wrote:

> Fix a bunch of CVEs: CVE-2020-16287, CVE-2020-16288, CVE-2020-16289,
> CVE-2020-16290, CVE-2020-16291, CVE-2020-16292, CVE-2020-16293,
> CVE-2020-16294, CVE-2020-16295, CVE-2020-16296, CVE-2020-16297,
> CVE-2020-16298, CVE-2020-16299, CVE-2020-16300, CVE-2020-16301,
> CVE-2020-16302, CVE-2020-16303, CVE-2020-16304, CVE-2020-16305
> CVE-2020-16308, CVE-2020-16309, CVE-2020-17538
> 
> PKGCONFIG must be passed since version 9.51 and
> https://github.com/ArtifexSoftware/ghostpdl/commit/2d84ecc57837785b566ebd9d5909ba9edc9d697f
> 
> Also drop patch (already in version) and update indentation in hash file
> (two spaces)
> 
> Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
> ---
>  ...emory-Corruption-in-Ghostscript-9-52.patch | 54 -------------------
>  package/ghostscript/ghostscript.hash          |  6 +--
>  package/ghostscript/ghostscript.mk            |  8 ++-
>  3 files changed, 6 insertions(+), 62 deletions(-)
>  delete mode 100644 package/ghostscript/0002-Bug-702582-CVE-2020-15900-Memory-Corruption-in-Ghostscript-9-52.patch

Amazing list of CVEs! Applied to master, thanks.

Thomas
-- 
Thomas Petazzoni, CTO, Bootlin
Embedded Linux and Kernel engineering
https://bootlin.com



More information about the buildroot mailing list