author Martin Jansa <Martin.Jansa@gmail.com> 2022-11-28 20:21:35 +0100
committer Martin Jansa <Martin.Jansa@gmail.com> 2022-11-28 20:21:37 +0100
commit 939665ae626e67bbffc965b1067358f592458664 (patch)
tree 8f64451568188249808b1087103629068cfdccee
parent a016387c9ac7f82ec13edaf2120b02631f31b9c7 (diff)
tiff: add CVE tag to b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch (jansa/kirkstone)
* according to https://bugzilla.redhat.com/show_bug.cgi?id=2118863 this commit
  should be the fix for CVE-2022-2868
* resolves false-positive entry in:
  https://lists.yoctoproject.org/g/yocto-security/message/705
  CVE-2022-2868 (CVSS3: 8.1 HIGH): tiff https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2868

Signed-off-by: Martin Jansa <Martin.Jansa@gmail.com>
-rw-r--r-- meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch 5
1 files changed, 3 insertions, 2 deletions
diff --git a/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch b/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch
index 272dd3d713..83d5db7fc6 100644
--- a/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch
@@ -5,11 +5,12 @@ Subject: [PATCH] Move the crop_width and crop_length computation after the
sanity check to avoid warnings when built with
-fsanitize=unsigned-integer-overflow.
-Upstream-Status: Backport
-[https://gitlab.com/libtiff/libtiff/-/commit/b258ed69a485a9cfb299d9f060eb2a46c54e5903?merge_request_iid=294]
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/b258ed69a485a9cfb299d9f060eb2a46c54e5903?merge_request_iid=294]
Signed-off-by: Teoh Jay Shen <jay.shen.teoh@intel.com>
+CVE: CVE-2022-2868
+
---
tools/tiffcrop.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
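Review bot: The added `CVE: CVE-2022-2868` line in the patch header gives no pointer to why this upstream commit is the fix. The Subject above it only talks about avoiding warnings under -fsanitize=unsigned-integer-overflow, and the justification (the Red Hat bugzilla entry) is recorded only in the commit message, so anyone auditing the patch file alone cannot verify the attribution. Consider adding the bugzilla URL to the header next to the tag. Minor style point: the tag is placed after Signed-off-by and is followed by an added blank line before `---`; keeping it beside Upstream-Status and dropping the blank line would keep the header tags grouped.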