[kirkstone,1/5] ghostscript: ignore CVE-2024-46954

Message ID	20241231212511.3649711-2-peter.marko@siemens.com
State	Under Review
Delegated to:	Steve Sakoman
Headers	show Return-Path: <peter.marko@siemens.com> ip: 185.136.64.228, mailfrom: fm-256628-202412312126094edd736c373991eaf7-up2pxl@rts-flowmailer.siemens.com) From: Peter Marko <peter.marko@siemens.com> To: openembedded-core@lists.openembedded.org Cc: Peter Marko <peter.marko@siemens.com> Subject: [OE-core][kirkstone][PATCH 1/5] ghostscript: ignore CVE-2024-46954 Date: Tue, 31 Dec 2024 22:25:07 +0100 Message-Id: <20241231212511.3649711-2-peter.marko@siemens.com> In-Reply-To: <20241231212511.3649711-1-peter.marko@siemens.com> References: <20241231212511.3649711-1-peter.marko@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Feedback-ID: 519:519-256628:519-21489:flowmailer
Series	kirkstone CVE cleanup \| expand [kirkstone,0/5] kirkstone CVE cleanup [kirkstone,1/5] ghostscript: ignore CVE-2024-46954 [kirkstone,2/5] tiff: ignore CVE-2023-2731 [kirkstone,3/5] tiff: patch CVE-2023-3164 [kirkstone,4/5] gstreame1.0: ignore CVEs from gstreamer1.0-plugins-bad [kirkstone,5/5] xwayland: patch CVE-2023-5380 CVE-2024-0229

Message ID

20241231212511.3649711-2-peter.marko@siemens.com

State

Under Review

Delegated to:

Steve Sakoman

Headers

From: Peter Marko <peter.marko@siemens.com>
To: openembedded-core@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [OE-core][kirkstone][PATCH 1/5] ghostscript: ignore CVE-2024-46954
Date: Tue, 31 Dec 2024 22:25:07 +0100
Message-Id: <20241231212511.3649711-2-peter.marko@siemens.com>
In-Reply-To: <20241231212511.3649711-1-peter.marko@siemens.com>
References: <20241231212511.3649711-1-peter.marko@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Feedback-ID: 519:519-256628:519-21489:flowmailer

Series

kirkstone CVE cleanup | expand

Commit Message

Peter Marko Dec. 31, 2024, 9:25 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

Issue in the GhostPCL. GhostPCL not part of this GhostScript recipe.

[1] points to [2] as patch, while file base/gp_utf8.c is not part of
ghostscript source tarball.

[1] https://nvd.nist.gov/vuln/detail/CVE-2024-46954
[2] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=55f587dd039282316f512e1bea64218fd991f934

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index cd0a7de70e..6d425710b5 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -24,7 +24,7 @@  UPSTREAM_CHECK_REGEX = "(?P<pver>\d+(\.\d+)+)\.tar"
 CVE_CHECK_IGNORE += "CVE-2013-6629"
 
 # Issue in the GhostPCL. GhostPCL not part of this GhostScript recipe.
-CVE_CHECK_IGNORE += "CVE-2023-38560"
+CVE_CHECK_IGNORE += "CVE-2023-38560 CVE-2024-46954"
 
 def gs_verdir(v):
     return "".join(v.split("."))

[kirkstone,1/5] ghostscript: ignore CVE-2024-46954

Commit Message

Patch