From: Peter Marko <peter.ma...@siemens.com> This further tweaks fix for CVE-2022-1622/CVE-2022-1623 by adding it to one additional goto label.
Previous fix: https://gitlab.com/libtiff/libtiff/-/commit/b4e79bfa0c7d2d08f6f1e7ec38143fc8cb11394a Additional fix: https://gitlab.com/libtiff/libtiff/-/commit/9be22b639ea69e102d3847dca4c53ef025e9527b Signed-off-by: Peter Marko <peter.ma...@siemens.com> Signed-off-by: Steve Sakoman <st...@sakoman.com> --- meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index 27bb306e94..a47fc4bd34 100644 --- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb +++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb @@ -65,8 +65,8 @@ UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar" # and 4.3.0 doesn't have the issue CVE_CHECK_IGNORE += "CVE-2015-7313" # These issues only affect libtiff post-4.3.0 but before 4.4.0, -# caused by 3079627e and fixed by b4e79bfa. -CVE_CHECK_IGNORE += "CVE-2022-1622 CVE-2022-1623" +# caused by 3079627e and fixed by b4e79bfa and again by 9be22b63 +CVE_CHECK_IGNORE += "CVE-2022-1622 CVE-2022-1623 CVE-2023-2731" # Issue is in jbig which we don't enable CVE_CHECK_IGNORE += "CVE-2022-1210" -- 2.43.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#209456): https://lists.openembedded.org/g/openembedded-core/message/209456 Mute This Topic: https://lists.openembedded.org/mt/110476680/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
