]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commitdiff
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 241309c)
tiff: mark CVE-2022-1622 and CVE-2022-1623 as invalid
authorRoss Burton <ross.burton@arm.com>
Mon, 23 May 2022 12:14:50 +0000 (13:14 +0100)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Sat, 28 May 2022 09:33:44 +0000 (10:33 +0100)
These issues only affect libtiff post-4.3.0 but before 4.4.0, caused by
3079627e and fixed by b4e79bfa.

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb patch | blob | blame | history

diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 9c9108a6afd34e8206c05f6eb53e9304bce6d92a..c5e964ec8c1fd24ee1c01af9227262eed9f233f7 100644 (file)
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -28,6 +28,9 @@ UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
 # Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313
 # and 4.3.0 doesn't have the issue
 CVE_CHECK_IGNORE += "CVE-2015-7313"
+# These issues only affect libtiff post-4.3.0 but before 4.4.0,
+# caused by 3079627e and fixed by b4e79bfa.
+CVE_CHECK_IGNORE += "CVE-2022-1622 CVE-2022-1623"
 
 inherit autotools multilib_header
 
Mirror of git://git.openembedded.org/openembedded-core-contrib