tiff: fix CVE-2022-2953 - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Zheng Qiu <zheng.qiu@windriver.com>	2022-11-03 17:00:41 -1000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-11-04 13:13:31 +0000
commit	fc1c036d4a3707f755063a997393d460c9d22e2c (patch)
tree	c59c673222c1f53095b0cd8eda453143267b9241 /scripts/lib/build_perf
parent	bd400c76a6224cc9f8e9ae2a0d8dddafefda86b3 (diff)
download	poky-fc1c036d4a3707f755063a997393d460c9d22e2c.tar.gz

tiff: fix CVE-2022-2953

While this does not happen with the tiff 4.3.0 release, it does happen with the series of patches we have, so backport the two simple changes that restrict the tiffcrop options to avoid the vulnerability. CVE-2022-2953.patch was taken from upstream, and a small typo was fixed for the CVE number. The other patch is included in tiff 4.4.0 but not 4.3.0, so add it as well. (From OE-Core rev: cd94ed01214251027d1076b67cf65c3058f51dad) Signed-off-by: Randy MacLeod <randy.macleod@windriver.com> Signed-off-by: Zheng Qiu <zheng.qiu@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/build_perf')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: