From: Peter Marko Date: Sun, 16 Mar 2025 16:50:25 +0000 (+0100) Subject: tiff: mark CVE-2023-30774 as patched X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=87893c72efbba029c5f2a9e8e3fff126b2a0cb71;p=thirdparty%2Fopenembedded%2Fopenembedded-core-contrib.git tiff: mark CVE-2023-30774 as patched [1] points tu issue [2] which was fixed by [3] together with lot of other issues. We already have this patch, so mark CVE-2023-30774 in it. Also split CVE tag to separate entries. [1] https://nvd.nist.gov/vuln/detail/CVE-2023-30774 [2] https://gitlab.com/libtiff/libtiff/-/issues/463 [3] https://gitlab.com/libtiff/libtiff/-/merge_requests/385 Signed-off-by: Peter Marko Signed-off-by: Steve Sakoman --- diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch b/meta/recipes-multimedia/libtiff/tiff/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch index 17b37be0411..261421b3991 100644 --- a/meta/recipes-multimedia/libtiff/tiff/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch +++ b/meta/recipes-multimedia/libtiff/tiff/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch @@ -23,7 +23,9 @@ This MR will close the following issues: #149, #150, #152, #168 (to be checked) It also fixes the old bug at http://bugzilla.maptools.org/show_bug.cgi?id=2599, for which the limitation of `NumberOfInks = SPP` was introduced, which is in my opinion not necessary and does not solve the general issue. -CVE: CVE-2022-3599 CVE-2022-4645 +CVE: CVE-2022-3599 +CVE: CVE-2022-4645 +CVE: CVE-2023-30774 Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246.patch] Signed-off-by: Ross Burton Signed-off-by: Pawan Badganchi