libtiff: CVE-2022-34526 A stack overflow was discovered

Source: https://gitlab.com/libtiff/libtiff MR: 120545 Type: Security Fix Disposition: Backport from https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990 ChangeID: 4c781586f7aba27420a7adc0adc597cc68495387 Description: CVE-2022-34526 libtiff: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit. (From OE-Core rev: 462d4a55a460c60a7b8c36fe3899e66f13835761) Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Hitendra Prajapati <hprajapati@mvista.com> 2022-08-23 10:10:15 +0530
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-09-03 13:10:37 +0100
commit: dea6f2c847296639359546198709bf333a881d29 (patch)
tree: 0a67cbec1acef2fa63e2acdbad8ab738d80183aa /meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
parent: 87377eacc0a9b17be3ba69efe11f54bbd93fdc79 (diff)
download: poky-dea6f2c847296639359546198709bf333a881d29.tar.gz
1 files changed, 1 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
index 4383f7af8e..c061d2aaac 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
@@ -25,6 +25,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
           file://CVE-2022-0891.patch \
           file://CVE-2022-0924.patch \
           file://CVE-2022-2056-CVE-2022-2057-CVE-2022-2058.patch \
+           file://CVE-2022-34526.patch \
          "
 SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424"
 SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634"
author	Hitendra Prajapati <hprajapati@mvista.com>	2022-08-23 10:10:15 +0530
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-09-03 13:10:37 +0100
commit	dea6f2c847296639359546198709bf333a881d29 (patch)
tree	0a67cbec1acef2fa63e2acdbad8ab738d80183aa /meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
parent	87377eacc0a9b17be3ba69efe11f54bbd93fdc79 (diff)
download	poky-dea6f2c847296639359546198709bf333a881d29.tar.gz

diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb index 4383f7af8e..c061d2aaac 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
@@ -25,6 +25,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
25	file://CVE-2022-0891.patch \	25	file://CVE-2022-0891.patch \
26	file://CVE-2022-0924.patch \	26	file://CVE-2022-0924.patch \
27	file://CVE-2022-2056-CVE-2022-2057-CVE-2022-2058.patch \	27	file://CVE-2022-2056-CVE-2022-2057-CVE-2022-2058.patch \
		28	file://CVE-2022-34526.patch \
28	"	29	"
29	SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424"	30	SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424"
30	SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634"	31	SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634"