[kirkstone,4/7] tiff: Add fix for CVE-2022-4645

Message ID	d1aa26fe8170937508a4d2242001892cea84d29a.1681572283.git.steve@sakoman.com
State	New, archived
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.214.178, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 4/7] tiff: Add fix for CVE-2022-4645 Date: Sat, 15 Apr 2023 05:26:41 -1000 Message-Id: <d1aa26fe8170937508a4d2242001892cea84d29a.1681572283.git.steve@sakoman.com> In-Reply-To: <cover.1681572283.git.steve@sakoman.com> References: <cover.1681572283.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,1/7] binutils : Fix CVE-2023-1579 \| expand [kirkstone,1/7] binutils : Fix CVE-2023-1579 [kirkstone,2/7] curl: CVE-2023-27533 TELNET option IAC injection [kirkstone,3/7] curl: CVE-2023-27534 SFTP path resolving discrepancy [kirkstone,4/7] tiff: Add fix for CVE-2022-4645 [kirkstone,5/7] go: fix CVE-2022-41724, 41725 [kirkstone,6/7] openssl: Move microblaze to linux-latomic config [kirkstone,7/7] package.bbclass: correct check for /build in copydebugsources()

Message ID

d1aa26fe8170937508a4d2242001892cea84d29a.1681572283.git.steve@sakoman.com

State

New, archived

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 4/7] tiff: Add fix for CVE-2022-4645
Date: Sat, 15 Apr 2023 05:26:41 -1000
Message-Id: 
 <d1aa26fe8170937508a4d2242001892cea84d29a.1681572283.git.steve@sakoman.com>
In-Reply-To: <cover.1681572283.git.steve@sakoman.com>
References: <cover.1681572283.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,1/7] binutils : Fix CVE-2023-1579 | expand

Commit Message

Steve Sakoman April 15, 2023, 3:26 p.m. UTC

From: Pawan Badganchi <Pawan.Badganchi@kpit.com>

Below patch fixes the CVE-2022-4645 as well.

0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch

Link: https://nvd.nist.gov/vuln/detail/CVE-2022-4645

Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 ...evised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/meta/recipes-multimedia/libtiff/tiff/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch b/meta/recipes-multimedia/libtiff/tiff/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch
index 37859c9192..17b37be041 100644
--- a/meta/recipes-multimedia/libtiff/tiff/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/0001-Revised-handling-of-TIFFTAG_INKNAMES-and-related-TIF.patch
@@ -23,9 +23,10 @@  This MR will close the following issues:  #149, #150, #152, #168 (to be checked)
 
 It also fixes the old bug at http://bugzilla.maptools.org/show_bug.cgi?id=2599, for which the limitation of `NumberOfInks = SPP` was introduced, which is in my opinion not necessary and does not solve the general issue.
 
-CVE: CVE-2022-3599
-Upstream-Status: Backport
+CVE: CVE-2022-3599 CVE-2022-4645
+Upstream-Status: Backport [https://gitlab.com/libtiff/libtiff/-/commit/e813112545942107551433d61afd16ac094ff246.patch]
 Signed-off-by: Ross Burton <ross.burton@arm.com>
+Signed-off-by: Pawan Badganchi <Pawan.Badganchi@kpit.com>
 ---
  libtiff/tif_dir.c      | 119 ++++++++++++++++++++++++-----------------
  libtiff/tif_dir.h      |   2 +

[kirkstone,4/7] tiff: Add fix for CVE-2022-4645

Commit Message

Patch