From: Peter Marko <peter.marko@siemens.com>
Date: Thu, 25 Sep 2025 14:05:12 +0000 (+0200)
Subject: tiff: ignore CVE-2025-8851
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=17a71c67a8a9242e5ae8985a9ebcc51bfa112c3d;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git

tiff: ignore CVE-2025-8851

This is fixed in v4.7.0, however cve_check cannot match it as NVD says
"Up to (excluding) 2024-08-11".

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---

diff --git a/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb
index 2155ac8df4..fd383e3d6a 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb
@@ -28,6 +28,7 @@ CVE_STATUS[CVE-2015-7313] = "fixed-version: Tested with check from https://secur
 CVE_STATUS[CVE-2023-52356] = "fixed-version: Fixed since 4.7.0, NVD tracks this as version-less vulnerability"
 CVE_STATUS[CVE-2023-6228] = "fixed-version: Fixed since 4.7.0, NVD tracks this as version-less vulnerability"
 CVE_STATUS[CVE-2023-6277] = "fixed-version: Fixed since 4.7.0, NVD tracks this as version-less vulnerability"
+CVE_STATUS[CVE-2025-8851] = "fixed-version: Fixed since 4.7.0, NVD tracks this as fixed in 2024-08-11 vulnerability"
 
 inherit autotools multilib_header