| Commit message (Collapse) | Author | Age | Files | Lines | |
|---|---|---|---|---|---|
| * | libtiff: Update to 4.0.7 | Armin Kuster | 2016-12-13 | 1 | -67/+0 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | Major changes: The libtiff tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, and ycbcr are completely removed from the distribution, used for demos. CVEs fixed: CVE-2016-9297 CVE-2016-9448 CVE-2016-9273 CVE-2014-8127 CVE-2016-3658 CVE-2016-5875 CVE-2016-5652 CVE-2016-3632 plus more that are not identified in the changelog. removed patches integrated into update. more info: http://libtiff.maptools.org/v4.0.7.html (From OE-Core rev: 9945cbccc4c737c84ad441773061acbf90c7baed) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | ||||
| * | tiff: Security fix CVE-2016-9535 | Mingli Yu | 2016-12-08 | 1 | -0/+67 |
| * libtiff/tif_predict.h, libtiff/tif_predict.c: Replace assertions by runtime checks to avoid assertions in debug mode, or buffer overflows in release mode. Can happen when dealing with unusual tile size like YCbCr with subsampling. External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9535 Patch from: https://github.com/vadz/libtiff/commit/3ca657a8793dd011bf869695d72ad31c779c3cc1 https://github.com/vadz/libtiff/commit/6a984bf7905c6621281588431f384e79d11a2e33 (From OE-Core rev: 61d3feb9cad9f61f6551b43f4f19bfa33cadd275) Signed-off-by: Mingli Yu <Mingli.Yu@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> | |||||
 |
index : linux/poky.git | |
| Mirror of git.yoctoproject.org/poky | N/A |
| summaryrefslogtreecommitdiffstats |