From: Chee Yang Lee <chee.yang.lee@intel.com>
Date: Mon, 21 Aug 2023 01:16:31 +0000 (+0800)
Subject: tiff: CVE-2022-3599.patch also fix CVE-2022-4645 CVE-2023-30774
X-Git-Tag: yocto-3.1.28~32
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8a4f312ef3751ecf8b3fe2ac719477c7d9c967d2;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

tiff: CVE-2022-3599.patch also fix CVE-2022-4645 CVE-2023-30774

The same patch also fix CVE-2022-4645 CVE-2023-30774
CVE-2022-4645 - https://gitlab.com/libtiff/libtiff/-/issues/277
CVE-2023-30774 - https://gitlab.com/libtiff/libtiff/-/issues/463

Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---

diff --git a/meta/recipes-multimedia/libtiff/files/CVE-2022-3599.patch b/meta/recipes-multimedia/libtiff/files/CVE-2022-3599.patch
index 9689a996381..b3232d9002c 100644
--- a/meta/recipes-multimedia/libtiff/files/CVE-2022-3599.patch
+++ b/meta/recipes-multimedia/libtiff/files/CVE-2022-3599.patch
@@ -4,7 +4,7 @@ Date: Tue, 30 Aug 2022 16:56:48 +0200
 Subject: [PATCH] Revised handling of TIFFTAG_INKNAMES and related
 
 Upstream-Status: Backport [import from debian http://security.debian.org/debian-security/pool/updates/main/t/tiff/tiff_4.1.0+git191117-2~deb10u7.debian.tar.xz ]
-CVE: CVE-2022-3599
+CVE: CVE-2022-3599 CVE-2022-4645 CVE-2023-30774
 Signed-off-by: Chee Yang Lee <chee.yang.lee@intel.com>
 
 Origin: https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246