<feed xmlns='http://www.w3.org/2005/Atom'>
<title>linux/poky.git/meta/recipes-multimedia/libtiff/files, branch master</title>
<subtitle>Mirror of git.yoctoproject.org/poky</subtitle>
<id>https://git.enea.com/cgit/linux/poky.git/atom?h=master</id>
<link rel='self' href='https://git.enea.com/cgit/linux/poky.git/atom?h=master'/>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/'/>
<updated>2023-09-26T09:35:27+00:00</updated>
<entry>
<title>tiff: upgrade 4.5.1 -&gt; 4.6.0</title>
<updated>2023-09-26T09:35:27+00:00</updated>
<author>
<name>Alexander Kanavin</name>
<email>alex.kanavin@gmail.com</email>
</author>
<published>2023-09-22T07:24:27+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=8c5dd21254be4775a3b4aa9e60d852e941dfa255'/>
<id>urn:sha1:8c5dd21254be4775a3b4aa9e60d852e941dfa255</id>
<content type='text'>
(From OE-Core rev: 9e80f93ada4eae638350d86b8aa514203f757d43)

Signed-off-by: Alexander Kanavin &lt;alex@linutronix.de&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>tiff: fix CVE-2023-41175</title>
<updated>2023-09-20T07:57:26+00:00</updated>
<author>
<name>Yogita Urade</name>
<email>yogita.urade@windriver.com</email>
</author>
<published>2023-09-15T07:34:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=558f2e49a50e5c9daebd586b6a02b598aa1f6dd0'/>
<id>urn:sha1:558f2e49a50e5c9daebd586b6a02b598aa1f6dd0</id>
<content type='text'>
libtiff: potential integer overflow in raw2tiff.c

References:
https://bugzilla.redhat.com/show_bug.cgi?id=2235264
https://security-tracker.debian.org/tracker/CVE-2023-41175
https://gitlab.com/libtiff/libtiff/-/issues/592

(From OE-Core rev: 4ee806cbc12fbc830b09ba6222e96b1e5f24539f)

Signed-off-by: Yogita Urade &lt;yogita.urade@windriver.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>tiff: fix CVE-2023-40745</title>
<updated>2023-09-20T07:57:26+00:00</updated>
<author>
<name>Yogita Urade</name>
<email>yogita.urade@windriver.com</email>
</author>
<published>2023-09-15T07:34:48+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=1843db6ae3aa77aa1d4e68dd3b130c419df548f8'/>
<id>urn:sha1:1843db6ae3aa77aa1d4e68dd3b130c419df548f8</id>
<content type='text'>
libtiff: integer overflow in tiffcp.c

References:
https://security-tracker.debian.org/tracker/CVE-2023-40745
https://gitlab.com/libtiff/libtiff/-/issues/591
https://bugzilla.redhat.com/show_bug.cgi?id=2235265

(From OE-Core rev: c3d4fbeb51278a04a6800c894c681733ad2259ca)

Signed-off-by: Yogita Urade &lt;yogita.urade@windriver.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>tiff: upgrade to 4.5.1</title>
<updated>2023-07-10T10:36:34+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@arm.com</email>
</author>
<published>2023-07-03T12:19:25+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=238b4ff55e1a1c267dda5277f12b2bcb1fb2f5ea'/>
<id>urn:sha1:238b4ff55e1a1c267dda5277f12b2bcb1fb2f5ea</id>
<content type='text'>
Also remove old CVE_CHECK_IGNOREs which are no longer needed due to CPE
updates.

(From OE-Core rev: 2200fde7011c4206382150c2602b2eb17423d45e)

Signed-off-by: Ross Burton &lt;ross.burton@arm.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>tiff: backport a fix for CVE-2023-26965</title>
<updated>2023-06-27T15:23:40+00:00</updated>
<author>
<name>Natasha Bailey</name>
<email>nat.bailey@windriver.com</email>
</author>
<published>2023-06-23T17:47:44+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=a4bd1f72821d3cae65c220e35f716234766974bf'/>
<id>urn:sha1:a4bd1f72821d3cae65c220e35f716234766974bf</id>
<content type='text'>
Fixes a bug where a buffer was used after a potential reallocation.

(From OE-Core rev: 48b8945fa570edcdf1e19ed4a4ca81c4416f1a6a)

Signed-off-by: Natasha Bailey &lt;nat.bailey@windriver.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>tiff: backport a fix for CVE-2023-2731</title>
<updated>2023-06-01T07:05:11+00:00</updated>
<author>
<name>Natasha Bailey</name>
<email>nat.bailey@windriver.com</email>
</author>
<published>2023-05-30T22:16:06+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=2f56bdb289b6487ac1e1781cdd620d5ccd1f7d9c'/>
<id>urn:sha1:2f56bdb289b6487ac1e1781cdd620d5ccd1f7d9c</id>
<content type='text'>
This patch fixes an issue in libtiff's LZWDecode function which could cause a null pointer dereference.

(From OE-Core rev: 7da5abf23232f61bf8009b4b8e97632768867e07)

Signed-off-by: Natasha Bailey &lt;nat.bailey@windriver.com&gt;
Signed-off-by: Randy MacLeod &lt;Randy.MacLeod@windriver.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>tiff: Remove unused patch from tiff</title>
<updated>2023-05-11T08:15:00+00:00</updated>
<author>
<name>nikhil</name>
<email>nikhilar2410@gmail.com</email>
</author>
<published>2023-05-11T05:49:20+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=ddf68ab675787e69205f4e16002dedc408440c09'/>
<id>urn:sha1:ddf68ab675787e69205f4e16002dedc408440c09</id>
<content type='text'>
Remove 0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch
file from tiff as it was removed while upgrading tiff from
4.4.0 -&gt; 4.5.0

(From OE-Core rev: c53abdb5ce9cdbfb0f9e48b64b800c45549d18a6)

Signed-off-by: Nikhil R &lt;nikhilar2410@gmail.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>tiff: Add fix for CVE-2022-4645</title>
<updated>2023-04-13T10:56:07+00:00</updated>
<author>
<name>Pawan Badganchi</name>
<email>Pawan.Badganchi@kpit.com</email>
</author>
<published>2023-04-11T14:39:11+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=2c9488e5d2acac37e162da785584ddfd8564000f'/>
<id>urn:sha1:2c9488e5d2acac37e162da785584ddfd8564000f</id>
<content type='text'>
Below patch fixes the CVE-2022-4645 as well.

0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch

Link: https://nvd.nist.gov/vuln/detail/CVE-2022-4645

(From OE-Core rev: 312393edf0aa5b2c515c08245d1c289ba79bad55)

Signed-off-by: Pawan Badganchi &lt;Pawan.Badganchi@kpit.com&gt;
Signed-off-by: Luca Ceresoli &lt;luca.ceresoli@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>tiff: backport fix for CVE-2022-48281</title>
<updated>2023-02-24T11:04:27+00:00</updated>
<author>
<name>Ross Burton</name>
<email>ross.burton@arm.com</email>
</author>
<published>2023-02-20T16:28:16+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=1e9b6bf803d8a5e1640feb0981e879362a07ee58'/>
<id>urn:sha1:1e9b6bf803d8a5e1640feb0981e879362a07ee58</id>
<content type='text'>
(From OE-Core rev: bf0cf66c10c95ddada595dd5a84b45235c09ebab)

Signed-off-by: Ross Burton &lt;ross.burton@arm.com&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
<entry>
<title>tiff: update 4.4.0 -&gt; 4.5.0</title>
<updated>2023-01-06T12:08:33+00:00</updated>
<author>
<name>Alexander Kanavin</name>
<email>alex.kanavin@gmail.com</email>
</author>
<published>2023-01-04T11:04:40+00:00</published>
<link rel='alternate' type='text/html' href='https://git.enea.com/cgit/linux/poky.git/commit/?id=eba274f60f4af04c3b850c23e0af59138993c540'/>
<id>urn:sha1:eba274f60f4af04c3b850c23e0af59138993c540</id>
<content type='text'>
Drop all CVE backports.

License-Update: formatting

(From OE-Core rev: 9a255a3b114686b04bf54560c7485552ec3b438c)

Signed-off-by: Alexander Kanavin &lt;alex@linutronix.de&gt;
Signed-off-by: Alexandre Belloni &lt;alexandre.belloni@bootlin.com&gt;
Signed-off-by: Richard Purdie &lt;richard.purdie@linuxfoundation.org&gt;
</content>
</entry>
</feed>
