| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | libtiff: Update to 4.0.7 | Armin Kuster | 2016-12-13 | 1 | -24/+0 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Major changes: The libtiff tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, and ycbcr are completely removed from the distribution, used for demos. CVEs fixed: CVE-2016-9297 CVE-2016-9448 CVE-2016-9273 CVE-2014-8127 CVE-2016-3658 CVE-2016-5875 CVE-2016-5652 CVE-2016-3632 plus more that are not identified in the changelog. removed patches integrated into update. more info: http://libtiff.maptools.org/v4.0.7.html (From OE-Core rev: 9945cbccc4c737c84ad441773061acbf90c7baed) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | ||||
| * | tiff: Security fix CVE-2016-3186 | Yi Zhao | 2016-08-17 | 1 | -0/+24 |
| CVE-2016-3186 libtiff: buffer overflow in the readextension function in gif2tiff.c allows remote attackers to cause a denial of service via a crafted GIF file External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3186 https://bugzilla.redhat.com/show_bug.cgi?id=1319503 Patch from: https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff (From OE-Core rev: 3d818fc862b1d85252443fefa2222262542a10ae) Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | |||||
 |
index : linux/poky.git | |
| Mirror of git.yoctoproject.org/poky | N/A |
| summaryrefslogtreecommitdiffstats |