diff mbox series

[2/2] ghostscript: ignore CVE-2023-38560

Message ID 20230807165945.4102126-2-ross.burton@arm.com
State Accepted, archived
Commit f82a13beabc784da1455f86064ce9f0f225b6e5a
Headers show
Series [1/2] ghostscript: backport fix for CVE-2023-38559 | expand

Commit Message

Ross Burton Aug. 7, 2023, 4:59 p.m. UTC 
From: Ross Burton <ross.burton@arm.com>

The ghostscript recipe isn't vulnerable to CVE-2023-38560, as this is an
issue in the GhostPCL release, whereas this recipe is the Ghostscript
release.

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb b/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
index 6b5f443db06..0ddf708f936 100644
--- a/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
+++ b/meta/recipes-extended/ghostscript/ghostscript_10.01.2.bb
@@ -67,3 +67,5 @@  COMPATIBLE_HOST = "^(?!arc).*"
 
 # some entries in NVD uses gpl_ghostscript
 CVE_PRODUCT = "ghostscript gpl_ghostscript"
+
+CVE_STATUS[CVE-2023-38560] = "not-applicable-config: PCL isn't part of the Ghostscript release"