tiff: Security fix CVE-2016-9535 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Mingli Yu <Mingli.Yu@windriver.com>	2016-12-07 16:01:11 +0800
committer	Sona Sarmadi <sona.sarmadi@enea.com>	2017-02-10 12:21:39 +0100
commit	a7301f1b499a971f6b208865f1241aaffa4b1dde (patch)
tree	659cdf9713981297e17167d6df6ac4fa5da6d5af /meta/classes/gtk-icon-cache.bbclass
parent	6c6fedcb239a188807cdf228a3e0ed116523bf1b (diff)
download	poky-a7301f1b499a971f6b208865f1241aaffa4b1dde.tar.gz

tiff: Security fix CVE-2016-9535

* libtiff/tif_predict.h, libtiff/tif_predict.c: Replace assertions by runtime checks to avoid assertions in debug mode, or buffer overflows in release mode. Can happen when dealing with unusual tile size like YCbCr with subsampling. External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9535 Patch from: https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1 https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33 (From OE-Core rev: 61d3feb9cad9f61f6551b43f4f19bfa33cadd275) (From OE-Core rev: d55b4470c20f4a4b73b1e6f148a45d94649dfdb5) Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Sona Sarmadi <sona.sarmadi@enea.com>

Diffstat (limited to 'meta/classes/gtk-icon-cache.bbclass')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: