mirror of
https://git.yoctoproject.org/poky
synced 2026-05-30 12:29:55 +00:00
Teoh Jay Shen
6d80584e9f
This series of patches include fixes for CVE-2022-2867,CVE-2022-2868 and CVE-2022-2869. These patches are modified using devtool and a review was conducted to make sure they all get applied in the correct location. References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2867 https://security-tracker.debian.org/tracker/CVE-2022-2867 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2868 https://security-tracker.debian.org/tracker/CVE-2022-2868 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2869 https://security-tracker.debian.org/tracker/CVE-2022-2869 Merge request: https://gitlab.com/libtiff/libtiff/-/merge_requests/294/diffs?commit_id=7d7bfa4416366ec64068ac389414241ed4730a54 Patches from: https://gitlab.com/libtiff/libtiff/-/commit/bcf28bb7f630f24fa47701a9907013f3548092cd?merge_request_iid=294 https://gitlab.com/libtiff/libtiff/-/commit/7d7bfa4416366ec64068ac389414241ed4730a54?merge_request_iid=294 https://gitlab.com/libtiff/libtiff/-/commit/b258ed69a485a9cfb299d9f060eb2a46c54e5903?merge_request_iid=294 Notes: These CVEs are fixed in tiff v4.4.0 (From OE-Core rev: 90a65fbefee1b7f615933f1bbbf5f83b6f928e8d) Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>