From 3d05a87df7361f4b315a9f05de3a86e318585b93 Mon Sep 17 00:00:00 2001
From: Ross Burton <ross.burton@intel.com>
Date: Wed, 27 Mar 2019 13:40:38 +0000
Subject: libexif: fix CVE-2016-6328 and CVE-2018-20030

(From OE-Core rev: 037b544431076b94e85281c7deb527a44a600f5a)

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-support/libexif/libexif_0.6.21.bb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'meta/recipes-support/libexif/libexif_0.6.21.bb')

diff --git a/meta/recipes-support/libexif/libexif_0.6.21.bb b/meta/recipes-support/libexif/libexif_0.6.21.bb
index a6c9c647c8..d847beab18 100644
--- a/meta/recipes-support/libexif/libexif_0.6.21.bb
+++ b/meta/recipes-support/libexif/libexif_0.6.21.bb
@@ -5,7 +5,9 @@ LICENSE = "LGPLv2.1"
 LIC_FILES_CHKSUM = "file://COPYING;md5=243b725d71bb5df4a1e5920b344b86ad"
 
 SRC_URI = "${SOURCEFORGE_MIRROR}/libexif/libexif-${PV}.tar.bz2 \
-           file://CVE-2017-7544.patch"
+           file://CVE-2017-7544.patch \
+           file://CVE-2016-6328.patch \
+           file://CVE-2018-20030.patch"
 
 SRC_URI[md5sum] = "27339b89850f28c8f1c237f233e05b27"
 SRC_URI[sha256sum] = "16cdaeb62eb3e6dfab2435f7d7bccd2f37438d21c5218ec4e58efa9157d4d41a"
-- 
cgit v1.2.3-54-g00ecf