[kirkstone,03/13] tiff: ignore CVE-2023-2731

Message ID c7632c5a3853290292fa695a0a7b15eb06159036.1736256495.git.steve@sakoman.com
State RFC
Delegated to: Steve Sakoman
Series [kirkstone,01/13] libsndfile1: Backport fix for CVE-2022-33065

Commit Message

Steve Sakoman Jan. 7, 2025, 1:31 p.m. UTC
From: Peter Marko <peter.marko@siemens.com>

This further tweaks fix for CVE-2022-1622/CVE-2022-1623 by adding it to
one additional goto label.

Previous fix:
https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a

Additional fix:
https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

Patch

diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 27bb306e94..a47fc4bd34 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -65,8 +65,8 @@  UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
 # and 4.3.0 doesn't have the issue
 CVE_CHECK_IGNORE += "CVE-2015-7313"
 # These issues only affect libtiff post-4.3.0 but before 4.4.0,
-# caused by 3079627e and fixed by b4e79bfa.
-CVE_CHECK_IGNORE += "CVE-2022-1622 CVE-2022-1623"
+# caused by 3079627e and fixed by b4e79bfa and again by 9be22b63
+CVE_CHECK_IGNORE += "CVE-2022-1622 CVE-2022-1623 CVE-2023-2731"
 # Issue is in jbig which we don't enable
 CVE_CHECK_IGNORE += "CVE-2022-1210"