* according to https://bugzilla.redhat.com/show_bug.cgi?id=2118863
  this commit should be the fix for CVE-2022-2868

* resolves false-positive entry in:
  https://lists.yoctoproject.org/g/yocto-security/message/705

  CVE-2022-2868 (CVSS3: 8.1 HIGH): tiff 
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-2868

Signed-off-by: Martin Jansa <[email protected]>
---
 .../tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch      | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git 
a/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch
 
b/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch
index 272dd3d713..83d5db7fc6 100644
--- 
a/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch
+++ 
b/meta/recipes-multimedia/libtiff/tiff/b258ed69a485a9cfb299d9f060eb2a46c54e5903.patch
@@ -5,11 +5,12 @@ Subject: [PATCH] Move the crop_width and crop_length 
computation after the
  sanity check to avoid warnings when built with
  -fsanitize=unsigned-integer-overflow.
 
-Upstream-Status: Backport
-[https://gitlab.com/libtiff/libtiff/-/commit/b258ed69a485a9cfb299d9f060eb2a46c54e5903?merge_request_iid=294]
+Upstream-Status: Backport 
[https://gitlab.com/libtiff/libtiff/-/commit/b258ed69a485a9cfb299d9f060eb2a46c54e5903?merge_request_iid=294]
 
 Signed-off-by: Teoh Jay Shen <[email protected]>
 
+CVE: CVE-2022-2868
+
 ---
  tools/tiffcrop.c | 5 ++---
  1 file changed, 2 insertions(+), 3 deletions(-)
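Review bot: The added "CVE: CVE-2022-2868" line sits after the Signed-off-by and a blank line, apart from the Upstream-Status tag; consider placing it directly next to Upstream-Status so the patch-header tags stay together. The commit message also says only that this commit "should be" the fix, while the backported Subject describes moving the crop_width and crop_length computation after the sanity check to avoid sanitizer warnings. Because this tag marks the CVE as patched and clears the reported entry, the commit message should say what confirms that this change alone addresses CVE-2022-2868, beyond the Bugzilla reference.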
-- 
2.38.1
