[OE-core] [PATCH 0/5] libtiff: CVE fixes
Yi Zhao
yi.zhao at windriver.com
Wed Aug 10 07:11:15 UTC 2016
Fix CVE-2015-8781 CVE-2015-8784 CVE-2016-3186 CVE-2016-5321 CVE-2016-5323
The patches for CVE-2015-8781 and CVE-2015-8784 are cherry-picked from jethro branch since I found these 2 patches are also needed by tiff 4.0.6
Here is the comparing changes since 4.0.6 released, you could see these 2 patches are in the list:
https://github.com/vadz/libtiff/compare/Release-v4-0-6...master
The following changes since commit dfc016fbf13e62f7767edaf7abadf1d1b72680b2:
maintainers.inc: remove augeas (2016-08-04 20:56:11 +0100)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib yzhao/tiff-cve
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=yzhao/tiff-cve
Armin Kuster (2):
tiff: Security fix CVE-2015-8781
tiff: Security fix CVE-2015-8784
Yi Zhao (3):
tiff: Security fix CVE-2016-3186
tiff: Security fix CVE-2016-5321
tiff: Security fix CVE-2016-5323
.../libtiff/files/CVE-2015-8781.patch | 195 +++++++++++++++++++++
.../libtiff/files/CVE-2015-8784.patch | 73 ++++++++
.../libtiff/files/CVE-2016-3186.patch | 24 +++
.../libtiff/files/CVE-2016-5321.patch | 49 ++++++
.../libtiff/files/CVE-2016-5323.patch | 107 +++++++++++
meta/recipes-multimedia/libtiff/tiff_4.0.6.bb | 5 +
6 files changed, 453 insertions(+)
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2015-8781.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2015-8784.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3186.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-5321.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-5323.patch
--
2.7.4
More information about the Openembedded-core
mailing list