tiff: mark CVE-2022-1622 and CVE-2022-1623 as invalid

These issues only affect libtiff post-4.3.0 but before 4.4.0, caused by 3079627e and fixed by b4e79bfa. (From OE-Core rev: 4eb0b7468383a1d0314b3bfd43ea37c95de464d9) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Ross Burton <ross.burton@arm.com> 2022-05-23 13:14:50 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-05-28 10:38:17 +0100
commit: 00c04394cbc5ecaced7cc1bc8bc8787e621f987d (patch)
tree: 5885b8a4d6958732578d548cf9b3f915ab84c035
parent: 269f457a62b4c4b0c673859e3aef3c0c480f7a09 (diff)
download: poky-00c04394cbc5ecaced7cc1bc8bc8787e621f987d.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 9c9108a6af..c5e964ec8c 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -28,6 +28,9 @@ UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
 # Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313
 # and 4.3.0 doesn't have the issue
 CVE_CHECK_IGNORE += "CVE-2015-7313"
+# These issues only affect libtiff post-4.3.0 but before 4.4.0,
+# caused by 3079627e and fixed by b4e79bfa.
+CVE_CHECK_IGNORE += "CVE-2022-1622 CVE-2022-1623"
 inherit autotools multilib_header
author	Ross Burton <ross.burton@arm.com>	2022-05-23 13:14:50 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-05-28 10:38:17 +0100
commit	00c04394cbc5ecaced7cc1bc8bc8787e621f987d (patch)
tree	5885b8a4d6958732578d548cf9b3f915ab84c035
parent	269f457a62b4c4b0c673859e3aef3c0c480f7a09 (diff)
download	poky-00c04394cbc5ecaced7cc1bc8bc8787e621f987d.tar.gz

diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index 9c9108a6af..c5e964ec8c 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -28,6 +28,9 @@ UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
28	# Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313	28	# Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313
29	# and 4.3.0 doesn't have the issue	29	# and 4.3.0 doesn't have the issue
30	CVE_CHECK_IGNORE += "CVE-2015-7313"	30	CVE_CHECK_IGNORE += "CVE-2015-7313"
		31	# These issues only affect libtiff post-4.3.0 but before 4.4.0,
		32	# caused by 3079627e and fixed by b4e79bfa.
		33	CVE_CHECK_IGNORE += "CVE-2022-1622 CVE-2022-1623"
31		34
32	inherit autotools multilib_header	35	inherit autotools multilib_header
33		36