kumquat-buildroot/package/ghostscript
Peter Korsgaard 4e415b4164 package/ghostscript: add upstream security patch for CVE-2021-3781
The file access protection built into Ghostscript proved insufficient for
the "%pipe%" PostScript device, when combined with Ghostscript's requirement
to be able to create and control temporary files in the conventional
temporary file directories (for example, "/tmp" or "/temp).  This exploit is
restricted to Unix-like systems (i.e., it doesn't affect Windows).  The most
severe claimed results are only feasible if the exploit is run as a "high
privilege" user (root/superuser level) \u2013 a practice we would discourage
under any circumstances.

For more details, see the advisory:
https://ghostscript.com/CVE-2021-3781.html

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Signed-off-by: Arnout Vandecappelle (Essensium/Mind) <arnout@mind.be>
2021-09-22 21:20:30 +02:00
..
0001-bug-702985-drop-use-of-FT_CALLBACK_DEF.patch
0002-Bug-704342-Include-device-specifier-strings-in-acces.patch package/ghostscript: add upstream security patch for CVE-2021-3781 2021-09-22 21:20:30 +02:00
Config.in
ghostscript.hash
ghostscript.mk package/ghostscript: add upstream security patch for CVE-2021-3781 2021-09-22 21:20:30 +02:00