[walnascar,08/10] tiff: ignore CVE-2025-8851

Message ID	20250925140514.1103300-8-peter.marko@siemens.com
State	Accepted
Delegated to:	Steve Sakoman
Headers	show Return-Path: <peter.marko@siemens.com> ip: 185.136.64.226, mailfrom: fm-256628-20250925140633113a40fcb90002076d-myeoxl@rts-flowmailer.siemens.com) From: Peter Marko <peter.marko@siemens.com> To: openembedded-core@lists.openembedded.org Cc: Peter Marko <peter.marko@siemens.com> Subject: [OE-core][walnascar][PATCH 08/10] tiff: ignore CVE-2025-8851 Date: Thu, 25 Sep 2025 16:05:12 +0200 Message-Id: <20250925140514.1103300-8-peter.marko@siemens.com> In-Reply-To: <20250925140514.1103300-1-peter.marko@siemens.com> References: <20250925140514.1103300-1-peter.marko@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Feedback-ID: 519:519-256628:519-21489:flowmailer
Series	[walnascar,01/10] gstreamer1.0: set status of 5 CVEs to patched \| expand [walnascar,01/10] gstreamer1.0: set status of 5 CVEs to patched [walnascar,02/10] gstreamer1.0: ignore CVE-2025-2759 [walnascar,03/10] gstreamer1.0: set status of CVE-2025-3887 to patched [walnascar,04/10] pulseaudio: ignore CVE-2024-11586 [walnascar,05/10] grub2: mark CVE-2024-2312 as not applicable [walnascar,06/10] cups: patch CVE-2025-58060 [walnascar,07/10] cups: patch CVE-2025-58364 [walnascar,08/10] tiff: ignore CVE-2025-8851 [walnascar,09/10] tiff: patch CVE-2025-9165 [walnascar,10/10] tiff: patch CVE-2025-8961

Message ID

20250925140514.1103300-8-peter.marko@siemens.com

State

Accepted

Delegated to:

Steve Sakoman

Headers

From: Peter Marko <peter.marko@siemens.com>
To: openembedded-core@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [OE-core][walnascar][PATCH 08/10] tiff: ignore CVE-2025-8851
Date: Thu, 25 Sep 2025 16:05:12 +0200
Message-Id: <20250925140514.1103300-8-peter.marko@siemens.com>
In-Reply-To: <20250925140514.1103300-1-peter.marko@siemens.com>
References: <20250925140514.1103300-1-peter.marko@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Feedback-ID: 519:519-256628:519-21489:flowmailer

Series

[walnascar,01/10] gstreamer1.0: set status of 5 CVEs to patched | expand

Commit Message

Peter Marko Sept. 25, 2025, 2:05 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

This is fixed in v4.7.0, however cve_check cannot match it as NVD says
"Up to (excluding) 2024-08-11".

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-multimedia/libtiff/tiff_4.7.0.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb
index 2155ac8df45..fd383e3d6a3 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.7.0.bb
@@ -28,6 +28,7 @@  CVE_STATUS[CVE-2015-7313] = "fixed-version: Tested with check from https://secur
 CVE_STATUS[CVE-2023-52356] = "fixed-version: Fixed since 4.7.0, NVD tracks this as version-less vulnerability"
 CVE_STATUS[CVE-2023-6228] = "fixed-version: Fixed since 4.7.0, NVD tracks this as version-less vulnerability"
 CVE_STATUS[CVE-2023-6277] = "fixed-version: Fixed since 4.7.0, NVD tracks this as version-less vulnerability"
+CVE_STATUS[CVE-2025-8851] = "fixed-version: Fixed since 4.7.0, NVD tracks this as fixed in 2024-08-11 vulnerability"
 
 inherit autotools multilib_header

[walnascar,08/10] tiff: ignore CVE-2025-8851

Commit Message

Patch