Niko Mauno
47ed595ca1
tiff: Fix LICENSE
The contents of the LICENSE.md file included in the current source
code package match those of libtiff license, which seems to have been
the case since 1999 commit
https://gitlab.com/libtiff/libtiff/-/commit/0ef31e1f62aa7a8b1c488a59c4930775ee0046e4
where it was added with filename COPYRIGHT and was then changed to
LICENSE.md in 2022 commit
https://gitlab.com/libtiff/libtiff/-/commit/fa1d6d787fc67a1eeb3abccb790b5bee969d424b
(From OE-Core rev: 71d8e8b03349ab18dca558055c2b3a3687785ddf)
Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-09-05 21:48:47 +01:00
Siddharth Doshi
c048a86145
Tiff: Security fix for CVE-2024-7006
Upstream-Status: Backport from [https://gitlab.com/libtiff/libtiff/-/commit/818fb8ce881cf839fbc710f6690aadb992aa0f9e]
CVEs Fixed:
CVE-2024-7006 libtiff: NULL pointer dereference in tif_dirinfo.c
(From OE-Core rev: 5313b4b233a486e8a1483757ad9c9aed3a213aae)
Signed-off-by: Siddharth Doshi <sdoshi@mvista.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-08-15 14:51:55 +01:00
Simone Weiß
2bcd651a08
meta: Update CVE_STATUS for incorrect cpes
Set CVE_STATUS as none of the issues apply against the versions
used in the recipes.
(From OE-Core rev: cea8c8bf73e84133f566d1c2ca0637494f2d7afe)
Signed-off-by: Simone Weiß <simone.p.weiss@posteo.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-02-24 16:10:23 +00:00
Yogita Urade
eba805ace4
tiff: fix CVE-2023-52355 and CVE-2023-52356
CVE-2023-52355:
An out-of-memory flaw was found in libtiff that could be
triggered by passing a crafted tiff file to the
TIFFRasterScanlineSize64() API. This flaw allows a remote
attacker to cause a denial of service via a crafted input
with a size smaller than 379 KB.
Issue fixed by providing a documentation update.
CVE-2023-52356:
A segment fault (SEGV) flaw was found in libtiff that could
be triggered by passing a crafted tiff file to the
TIFFReadRGBATileExt() API. This flaw allows a remote attacker
to cause a heap-buffer overflow, leading to a denial of service.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-52355
https://security-tracker.debian.org/tracker/CVE-2023-52355
https://gitlab.com/libtiff/libtiff/-/issues/621
https://gitlab.com/libtiff/libtiff/-/merge_requests/553
https://nvd.nist.gov/vuln/detail/CVE-2023-52356
https://gitlab.com/libtiff/libtiff/-/issues/622
https://gitlab.com/libtiff/libtiff/-/merge_requests/546
(From OE-Core rev: 831d7a2fffb3dec94571289292f0940bc7ecd70a)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-02-08 10:53:13 +00:00
Yogita Urade
fcc39f3e04
tiff: fix CVE-2023-6228
CVE-2023-6228:
An issue was found in the tiffcp utility distributed by the
libtiff package where a crafted TIFF file on processing may
cause a heap-based buffer overflow, leading to an application
crash.
References:
https://nvd.nist.gov/vuln/detail/CVE-2023-6228
https://gitlab.com/libtiff/libtiff/-/issues/606
(From OE-Core rev: 55735e0d75820d59e569a630679f9ac403c7fdbe)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2024-01-21 12:27:12 +00:00
Khem Raj
2b32e0fd6e
tiff: Backport fixes for CVE-2023-6277
(From OE-Core rev: d115e17ad7775cf5bbfd402e98e61f362ac96efa)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-12-06 22:55:50 +00:00
Alexander Kanavin
8c5dd21254
tiff: upgrade 4.5.1 -> 4.6.0
(From OE-Core rev: 9e80f93ada4eae638350d86b8aa514203f757d43)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-09-26 10:35:27 +01:00
Yogita Urade
558f2e49a5
tiff: fix CVE-2023-41175
libtiff: potential integer overflow in raw2tiff.c
References:
https://bugzilla.redhat.com/show_bug.cgi?id=2235264
https://security-tracker.debian.org/tracker/CVE-2023-41175
https://gitlab.com/libtiff/libtiff/-/issues/592
(From OE-Core rev: 4ee806cbc12fbc830b09ba6222e96b1e5f24539f)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-09-20 08:57:26 +01:00
Yogita Urade
1843db6ae3
tiff: fix CVE-2023-40745
libtiff: integer overflow in tiffcp.c
References:
https://security-tracker.debian.org/tracker/CVE-2023-40745
https://gitlab.com/libtiff/libtiff/-/issues/591
https://bugzilla.redhat.com/show_bug.cgi?id=2235265
(From OE-Core rev: c3d4fbeb51278a04a6800c894c681733ad2259ca)
Signed-off-by: Yogita Urade <yogita.urade@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-09-20 08:57:26 +01:00
Andrej Valek
c15e506a46
cve_check: convert CVE_CHECK_IGNORE to CVE_STATUS
- Try to add convert and apply statuses for old CVEs
- Drop some obsolete ignores, while they are not relevant for current
version
(From OE-Core rev: 1634ed4048cf56788cd5c2c1bdc979b70afcdcd7)
Signed-off-by: Andrej Valek <andrej.valek@siemens.com>
Reviewed-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-07-21 11:52:26 +01:00
Ross Burton
238b4ff55e
tiff: upgrade to 4.5.1
Also remove old CVE_CHECK_IGNOREs which are no longer needed due to CPE
updates.
(From OE-Core rev: 2200fde7011c4206382150c2602b2eb17423d45e)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-07-10 11:36:34 +01:00
Natasha Bailey
a4bd1f7282
tiff: backport a fix for CVE-2023-26965
Fixes a bug where a buffer was used after a potential reallocation.
(From OE-Core rev: 48b8945fa570edcdf1e19ed4a4ca81c4416f1a6a)
Signed-off-by: Natasha Bailey <nat.bailey@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-06-27 16:23:40 +01:00
Natasha Bailey
2f56bdb289
tiff: backport a fix for CVE-2023-2731
This patch fixes an issue in libtiff's LZWDecode function which could cause a null pointer dereference.
(From OE-Core rev: 7da5abf23232f61bf8009b4b8e97632768867e07)
Signed-off-by: Natasha Bailey <nat.bailey@windriver.com>
Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-06-01 08:05:11 +01:00
nikhil
ddf68ab675
tiff: Remove unused patch from tiff
Remove 0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch
file from tiff as it was removed while upgrading tiff from
4.4.0 -> 4.5.0
(From OE-Core rev: c53abdb5ce9cdbfb0f9e48b64b800c45549d18a6)
Signed-off-by: Nikhil R <nikhilar2410@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-05-11 09:15:00 +01:00
Pawan Badganchi
2c9488e5d2
tiff: Add fix for CVE-2022-4645
Below patch fixes the CVE-2022-4645 as well.
0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch
Link: https://nvd.nist.gov/vuln/detail/CVE-2022-4645
(From OE-Core rev: 312393edf0aa5b2c515c08245d1c289ba79bad55)
Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-04-13 11:56:07 +01:00
Ross Burton
1e9b6bf803
tiff: backport fix for CVE-2022-48281
(From OE-Core rev: bf0cf66c10c95ddada595dd5a84b45235c09ebab)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-02-24 11:04:27 +00:00
Markus Volk
4360f7e2c1
libtiff: add PACKAGECONFIG for libdeflate and zstd
The main reason for this is an issue with latest libtiff update that causes
gtk4-native configure to fail in finding libtiff (while it just builds
fine for target).
By comparing libtiff-4.pc for native and target it turned out, that
it links for native with zstd and libdeflate. Probably because those libs
were found on my host system.
Adding PACKAGECONFIGS for the libs prevents us from taking them from the host.
(From OE-Core rev: ca2e2035b9d81a230a1a63f51b1300418e9b9ca6)
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-31 17:11:06 +00:00
Khem Raj
a51c87b6b4
tiff: Add packageconfig knob for webp
tiff-native otherwise falsely detects webp if it's installed on build
host. This ensures deterministic behavior regardless of host.
(From OE-Core rev: 718c44f282310b2ca85877fed706460ccc1eebea)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-09 14:20:14 +00:00
Alexander Kanavin
eba274f60f
tiff: update 4.4.0 -> 4.5.0
Drop all CVE backports.
License-Update: formatting
(From OE-Core rev: 9a255a3b114686b04bf54560c7485552ec3b438c)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-01-06 12:08:33 +00:00
Qiu, Zheng
0b5e0e521a
tiff: Security fix for CVE-2022-3970
This patch contains a fix for CVE-2022-3970
Reference:
https://nvd.nist.gov/vuln/detail/CVE-2022-3970
https://security-tracker.debian.org/tracker/CVE-2022-3970
Patch generated from:
https://gitlab.com/libtiff/libtiff/-/commit/227500897dfb07fb7d27f7aa570050e62617e3be
(From OE-Core rev: 668ff495ac44e5b6d9e1af15d3861b5c2b4dfcd1)
Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-11-27 23:54:51 +00:00
Qiu, Zheng
5c86008856
tiff: fix a typo for CVE-2022-2953.patch
The CVE number in the patch is a typo. CVE-2022-2053 is not related to
libtiff. So fix it.
(From OE-Core rev: c9f76ef859b0b4edb83ac098816b625f52c78173)
Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-28 15:46:32 +01:00
Ross Burton
38be41a6f8
tiff: fix a number of CVEs
Backport fixes from upstream for the following CVEs:
- CVE-2022-3599
- CVE-2022-3597
- CVE-2022-3626
- CVE-2022-3627
- CVE-2022-3570
- CVE-2022-3598
(From OE-Core rev: 722bbb88777cc3c7d1c8273f1279fc18ba33e87c)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-10-28 09:44:52 +01:00
Ross Burton
c8d04cde0f
tiff: backport fix for CVE-2022-2953
(From OE-Core rev: aa018b5bec49c06e64a493a413f42558a17947cf)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-09-08 14:59:39 +01:00
Khem Raj
96bd1c0f64
tiff: Backport a patch for CVE-2022-34526
(From OE-Core rev: ade918f1e904ecab2c74358ca874c6b9594de2f0)
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-08-16 14:57:58 +01:00
Ross Burton
5b03086c91
tiff: backport the fix for CVE-2022-2056, CVE-2022-2057, and CVE-2022-2058
(From OE-Core rev: a84538dbe760fed94cfe22a39b0a6f95c61c307d)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-07-12 12:52:52 +01:00
Alexander Kanavin
5709914874
tiff: update 4.3.0 -> 4.4.0
Drop all CVE backports.
(From OE-Core rev: ec3897659a046e7e3f652cabd04e98bb56f1b261)
Signed-off-by: Alexander Kanavin <alex@linutronix.de>
Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-06-07 21:21:54 +01:00
Richard Purdie
f3046bd853
tiff: Add jbig PACKAGECONFIG and clarify CVE-2022-1210
We never depended upon libjbig so this was never present. Add the
PACKAGECONFIG to make this explicit.
CVE-2022-1210 is an issue in libjbig so we don't have a problem there,
mark as such.
(From OE-Core rev: 34e6a19f2430ee2fd0fec4bec1891e898a0d9766)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-28 18:38:02 +01:00
Ross Burton
70c2ad9bca
tiff: mark CVE-2022-1622 and CVE-2022-1623 as invalid
These issues only affect libtiff post-4.3.0 but before 4.4.0, caused by
3079627e and fixed by b4e79bfa.
(From OE-Core rev: 49e93892a37d1a2af2b0a155117441e978385e4c)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-05-28 10:33:49 +01:00
Richard Purdie
45afc335d3
tiff: Add marker for CVE-2022-1056 being fixed
As far as I can tell, the patches being applied also fix CVE-2022-1056 so
mark as such.
(From OE-Core rev: 256d212fd1eb9b6d4b87c2c84b1ea2a3afdeb843)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-04-13 16:52:24 +01:00
Ross Burton
a2b1bfd957
tiff: backport CVE fixes:
Backport fixes for the following CVEs:
- CVE-2022-0865
- CVE-2022-0891
- CVE-2022-0907
- CVE-2022-0908
- CVE-2022-0909
- CVE-2022-0924
(From OE-Core rev: 2fe35de73cfa8de444d7ffb24246e8f87c36ee8d)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-03-23 12:13:50 +00:00
Richard Purdie
71ef319193
meta/scripts: Automated conversion of OE renamed variables
(From OE-Core rev: aa52af4518604b5bf13f3c5e885113bf868d6c81)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-02-21 23:37:27 +00:00
Richard Purdie
e600227b13
tiff: Add backports for two CVEs from upstream
(From OE-Core rev: 6ae14b4ff7a655b48c6d99ac565d12bf8825414f)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-02-21 07:52:04 +00:00
Ross Burton
0e1d27b69d
tiff: backport fix for CVE-2022-22844
(From OE-Core rev: daf2880b7431aa641e02ebba8cbca40d81389088)
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2022-01-26 06:27:00 +00:00
Richard Purdie
bb6ddc3691
Convert to new override syntax
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
(From OE-Core rev: 42344347be29f0997cc2f7636d9603b1fe1875ae)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-08-02 15:44:10 +01:00
Richard Purdie
2d5c161021
tiff: Exclude CVE-2015-7313 from cve-check
Some fix upstream addresses the issue, it isn't clear which change this was. Our
current version doesn't have issues with the test image though so we can exclude.
(From OE-Core rev: 3874da694ae1d9de06dd003bd80705205e2b033b)
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-05-12 23:06:05 +01:00
wangmy
fa1208406e
tiff: upgrade 4.2.0 -> 4.3.0
(From OE-Core rev: 702c5c7973c77c51d5ce8de11e73c708c55927a3)
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-04-23 10:12:10 +01:00
Meh Mbeh Ida Delphine
0020bef146
recipes-multimedia: Add missing HOMEPAGE and DESCRIPTION for recipes.
Fixes: [YOCTO #13471]
(From OE-Core rev: 312994268bb68a012a61c99e1c3697e8de60a2ce)
Signed-off-by: Ida Delphine <idadelm@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-03-02 20:39:36 +00:00
Wang Mingyu
55bf36bf4e
tiff: upgrade 4.1.0 -> 4.2.0
(From OE-Core rev: 9c2c01607929f9aed8d606ef4e049a435d8fe6f2)
Signed-off-by: Wang Mingyu <wangmy@cn.fujitsu.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2021-01-10 12:34:40 +00:00
Christian Eggers
d3984cd771
tiff: Extend for nativesdk
Doxygen in meta-oe has recently been extended for nativesdk. Doxygen is
often used together with mscgen which in turn depends indirectly on
tiff (via gd library).
(From OE-Core rev: 929cf038ec0f49e86d9ab0ec7e012320598ceb81)
Signed-off-by: Christian Eggers <ceggers@arri.de>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2020-06-04 13:27:32 +01:00
Alexander Kanavin
f931a332d1
tiff: update to 4.1.0
Drop backported patches.
(From OE-Core rev: e5ecf2604e5b8c957eb3bae21fb3c9b2b1b7e12f)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-11-21 23:08:19 +00:00
Joe Slater
6df6e5d3ba
libtiff: fix CVE-2019-17546
Apply unmodified patch from upstream.
(From OE-Core rev: 844e7aa217f5ecf46766a07d46f9d7f083668e8e)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-10-31 16:09:35 +00:00
Trevor Gamblin
c855f55a7d
tiff: fix CVE-2019-14973
CVE reference: https://nvd.nist.gov/vuln/detail/CVE-2019-14973
Upstream merge: https://gitlab.com/libtiff/libtiff/commit/2218055c
(From OE-Core rev: b57304c1afb73a698a1c40a017d433e4d81a8df2)
Signed-off-by: Trevor Gamblin <trevor.gamblin@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-10-02 10:09:47 +01:00
Ross Burton
8e63ec13b4
tiff: fix CVE-2019-7663
(From OE-Core rev: d06d6910d1ec9374bb15e02809e64e81198731b6)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-07-16 13:53:17 +01:00
Ross Burton
d3e9a9b2a0
tiff: fix CVE-2019-6128
(From OE-Core rev: 7293e417dd9bdd04fe0fec177a76c9286234ed46)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-07-16 13:53:16 +01:00
Ross Burton
63731c5d5f
tiff: remove redundant patch
The patching to make the new libtool work (from 2008) is no longer needed.
(From OE-Core rev: 4210fafa851d011023f5a58ed3887148168f861c)
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2019-07-16 13:53:16 +01:00
Alexander Kanavin
691e306994
tiff: update to 4.0.10
(From OE-Core rev: 92a2e6dc73085ccb5482986c6b61d40992fb4f50)
Signed-off-by: Alexander Kanavin <alex.kanavin@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-11-23 23:35:18 +00:00
Joe Slater
205d75ddb3
libtiff: fix CVE-2017-17095
Backport fix from gitlab.com/libtiff/libtiff.
nvd.nist.gov does not yet reference this patch.
(From OE-Core rev: f72c8af3f2c1ec9e4d9ffcf0cc6e7fdf572b21b9)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-10-04 14:21:41 +01:00
Joe Slater
8a2b440f87
tiff: security fix CVE-2018-7456
NULL pointer use as described at nvd.nist.gov/vuln/detail/CVE-2018-7456.
(From OE-Core rev: 122da5cec495fc8ddfd880327e7c3ed0dc70e04f)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-26 13:16:40 +01:00
Joe Slater
d85feee51c
tiff: security fix CVE-2018-8905
Buffer overflow described at nvd.nist.gov/vuln/detail/CVE-2018-8905.
(From OE-Core rev: 3f6f2a0619b4e243e6a9e52cee2cdd625ebf6769)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-26 13:16:40 +01:00
Joe Slater
90a06269df
tiff: security fix CVE-2018-10963
Denial of service described at https://nvd.nist.gov/vuln/detail/CVE-2018-10963.
(From OE-Core rev: d19a9b41d3b2dcba3b102a8289b7787b4b131e96)
Signed-off-by: Joe Slater <joe.slater@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2018-07-18 10:18:42 +01:00