diff mbox series

[kirkstone,2/2] ghostscript: ignore CVE-2024-29507

Message ID 20250503185635.686386-2-peter.marko@siemens.com
State New
Headers show
Series [kirkstone,1/2] ghostscript: ignore CVE-2025-27837 | expand

Commit Message

Peter Marko May 3, 2025, 6:56 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

Fix for this CVE is [3] (per [1] and [2]).
It fixes cidfsubstfont handling which is not present in 9.55.0 yet.
It was introduced (as cidsubstpath) in 9.56.0 via [4] and later modified
to cidfsubstfont in [5].
Since this recipe has version 9.55.0, mark it as not affected yet.

[1] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=7745dbe24514710b0cfba925e608e607dee9eb0f
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-29507
[3] https://security-tracker.debian.org/tracker/CVE-2024-29507
[4] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=82efed6cae8b0f2a3d10593b21083be1e7b1ab23
[5] https://cgit.ghostscript.com/cgi-bin/cgit.cgi/ghostpdl.git/commit/?id=4422012f6b40f0627d3527dba92f3a1ba30017d3

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff mbox series

Patch

diff --git a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
index fd0506f438..e872fbe88c 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_9.55.0.bb
@@ -25,7 +25,7 @@  CVE_CHECK_IGNORE += "CVE-2013-6629"
 # Issue in the GhostPCL. GhostPCL not part of this GhostScript recipe.
 CVE_CHECK_IGNORE += "CVE-2023-38560 CVE-2024-46954"
 # Vulnerable code was introduced in 9.56.0, so 9.55.0 is not affected yet
-CVE_CHECK_IGNORE += "CVE-2025-27833"
+CVE_CHECK_IGNORE += "CVE-2024-29507 CVE-2025-27833"
 # Only impacts codepaths relevant for Windows builds
 CVE_CHECK_IGNORE += "CVE-2025-27837"