kumquat-buildroot/package/ghostscript
Fabrice Fontaine df91a970b6 package/ghostscript: security bump to version 9.56.1
Fix CVE-2022-2085: A NULL pointer dereference vulnerability was found in
Ghostscript, which occurs when it tries to render a large number of bits
in memory. When allocating a buffer device, it relies on an
init_device_procs defined for the device that uses it as a prototype
that depends upon the number of bits per pixel. For bpp > 64,
mem_x_device is used and does not have an init_device_procs defined.
This flaw allows an attacker to parse a large number of bits (more than
64 bits per pixel), which triggers a NULL pointer dereference flaw,
causing an application to crash.

Drop patch (already in version)

https://www.ghostscript.com/doc/9.56.0/News.htm
https://www.ghostscript.com/doc/9.56.1/News.htm

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-02 15:54:05 +02:00
..
Config.in
ghostscript.hash package/ghostscript: security bump to version 9.56.1 2022-07-02 15:54:05 +02:00
ghostscript.mk package/ghostscript: security bump to version 9.56.1 2022-07-02 15:54:05 +02:00