From dea6f2c847296639359546198709bf333a881d29 Mon Sep 17 00:00:00 2001
From: Hitendra Prajapati <hprajapati@mvista.com>
Date: Tue, 23 Aug 2022 10:10:15 +0530
Subject: libtiff: CVE-2022-34526 A stack overflow was discovered

Source: https://gitlab.com/libtiff/libtiff
MR: 120545
Type: Security Fix
Disposition: Backport from https://gitlab.com/libtiff/libtiff/-/commit/275735d0354e39c0ac1dc3c0db2120d6f31d1990
ChangeID: 4c781586f7aba27420a7adc0adc597cc68495387
Description:
          CVE-2022-34526 libtiff: A stack overflow was discovered in the _TIFFVGetField function of Tiffsplit.

(From OE-Core rev: 462d4a55a460c60a7b8c36fe3899e66f13835761)

Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-multimedia/libtiff/tiff_4.1.0.bb | 1 +
 1 file changed, 1 insertion(+)

(limited to 'meta/recipes-multimedia/libtiff/tiff_4.1.0.bb')

diff --git a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
index 4383f7af8e..c061d2aaac 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.1.0.bb
@@ -25,6 +25,7 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
            file://CVE-2022-0891.patch \
            file://CVE-2022-0924.patch \
            file://CVE-2022-2056-CVE-2022-2057-CVE-2022-2058.patch \
+           file://CVE-2022-34526.patch \
           "
 SRC_URI[md5sum] = "2165e7aba557463acc0664e71a3ed424"
 SRC_URI[sha256sum] = "5d29f32517dadb6dbcd1255ea5bbc93a2b54b94fbf83653b4d65c7d6775b8634"
-- 
cgit v1.2.3-54-g00ecf