tiff: Exclude CVE-2015-7313 from cve-check

Some fix upstream addresses the issue, it isn't clear which change this was. Our current version doesn't have issues with the test image though so we can exclude. (From OE-Core rev: 3874da694ae1d9de06dd003bd80705205e2b033b) Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-05-11 14:13:08 +0100
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2021-05-12 23:06:05 +0100
commit: 2d5c16102121b093caa72db223113a26939c9e03 (patch)
tree: 9c2028f8c90792019b0393fd42085eb26f18eac8 /meta/recipes-multimedia/libtiff
parent: c887238347295c87dacf8a08e6d703603436d0bc (diff)
download: poky-2d5c16102121b093caa72db223113a26939c9e03.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index abf0a67740..8f929ffb55 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -15,6 +15,10 @@ SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1
 # exclude betas
 UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
+# Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313
+# and 4.3.0 doesn't have the issue
+CVE_CHECK_WHITELIST += "CVE-2015-7313"
 inherit autotools multilib_header
 CACHED_CONFIGUREVARS = "ax_cv_check_gl_libgl=no"
author	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-05-11 14:13:08 +0100
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2021-05-12 23:06:05 +0100
commit	2d5c16102121b093caa72db223113a26939c9e03 (patch)
tree	9c2028f8c90792019b0393fd42085eb26f18eac8 /meta/recipes-multimedia/libtiff
parent	c887238347295c87dacf8a08e6d703603436d0bc (diff)
download	poky-2d5c16102121b093caa72db223113a26939c9e03.tar.gz

diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index abf0a67740..8f929ffb55 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -15,6 +15,10 @@ SRC_URI[sha256sum] = "0e46e5acb087ce7d1ac53cf4f56a09b221537fc86dfc5daaad1c2e89e1
15	# exclude betas	15	# exclude betas
16	UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"	16	UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
17		17
		18	# Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313
		19	# and 4.3.0 doesn't have the issue
		20	CVE_CHECK_WHITELIST += "CVE-2015-7313"
		21
18	inherit autotools multilib_header	22	inherit autotools multilib_header
19		23
20	CACHED_CONFIGUREVARS = "ax_cv_check_gl_libgl=no"	24	CACHED_CONFIGUREVARS = "ax_cv_check_gl_libgl=no"