tiff: ignore 5 CVEs

These CVEs are for tools which were removed in v4.6.0 via [1] and re-introduced again in v4.7.0 via [2]. [1] https://gitlab.com/libtiff/libtiff/-/commit/eab89a627f0a65e9a1a47c4b30b4802c80b1ac45 [2] https://gitlab.com/libtiff/libtiff/-/commit/9ab54a858049bef020d578c71d82669531551c00 (From OE-Core rev: faf1e12ae0f9de56402830460315e5be0d13f4a5) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Peter Marko <peter.marko@siemens.com> 2025-10-08 22:42:16 +0200
committer: Steve Sakoman <steve@sakoman.com> 2025-10-13 12:42:58 -0700
commit: ac57f3b9d27dc48a8aefa5f70fcad29cce0a180f (patch)
tree: eb7c04f68513cc01860bea838fea2e4aa4c3e63c
parent: aca68169cc0be4babadd9096e2a1001f8ed2f98f (diff)
download: poky-ac57f3b9d27dc48a8aefa5f70fcad29cce0a180f.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
index 1d3d08ff9d..9957699fb2 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
@@ -28,6 +28,10 @@ UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
 CVE_STATUS[CVE-2015-7313] = "fixed-version: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue"
 CVE_STATUS[CVE-2023-3164] = "cpe-incorrect: Issue only affects the tiffcrop tool not compiled by default since 4.6.0"
+CVE_STATUS_GROUPS += "CVE_STATUS_REMOVED_TOOLS"
+CVE_STATUS_REMOVED_TOOLS = "CVE-2024-13978 CVE-2025-8176 CVE-2025-8177 CVE-2025-8534 CVE-2025-8851"
+CVE_STATUS_REMOVED_TOOLS[status] = "cpe-incorrect: tools affected by these CVEs are not present in this release"
 inherit autotools multilib_header
 CACHED_CONFIGUREVARS = "ax_cv_check_gl_libgl=no"
author	Peter Marko <peter.marko@siemens.com>	2025-10-08 22:42:16 +0200
committer	Steve Sakoman <steve@sakoman.com>	2025-10-13 12:42:58 -0700
commit	ac57f3b9d27dc48a8aefa5f70fcad29cce0a180f (patch)
tree	eb7c04f68513cc01860bea838fea2e4aa4c3e63c
parent	aca68169cc0be4babadd9096e2a1001f8ed2f98f (diff)
download	poky-ac57f3b9d27dc48a8aefa5f70fcad29cce0a180f.tar.gz

diff --git a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb index 1d3d08ff9d..9957699fb2 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
@@ -28,6 +28,10 @@ UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
28	CVE_STATUS[CVE-2015-7313] = "fixed-version: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue"	28	CVE_STATUS[CVE-2015-7313] = "fixed-version: Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313 and already 4.3.0 doesn't have the issue"
29	CVE_STATUS[CVE-2023-3164] = "cpe-incorrect: Issue only affects the tiffcrop tool not compiled by default since 4.6.0"	29	CVE_STATUS[CVE-2023-3164] = "cpe-incorrect: Issue only affects the tiffcrop tool not compiled by default since 4.6.0"
30		30
		31	CVE_STATUS_GROUPS += "CVE_STATUS_REMOVED_TOOLS"
		32	CVE_STATUS_REMOVED_TOOLS = "CVE-2024-13978 CVE-2025-8176 CVE-2025-8177 CVE-2025-8534 CVE-2025-8851"
		33	CVE_STATUS_REMOVED_TOOLS[status] = "cpe-incorrect: tools affected by these CVEs are not present in this release"
		34
31	inherit autotools multilib_header	35	inherit autotools multilib_header
32		36
33	CACHED_CONFIGUREVARS = "ax_cv_check_gl_libgl=no"	37	CACHED_CONFIGUREVARS = "ax_cv_check_gl_libgl=no"