Fix CVE-2015-8781 CVE-2015-8784 CVE-2016-3186 CVE-2016-5321 CVE-2016-5323 The patches for CVE-2015-8781 and CVE-2015-8784 are cherry-picked from jethro branch since I found these 2 patches are also needed by tiff 4.0.6 Here is the comparing changes since 4.0.6 released, you could see these 2 patches are in the list: https://github.com/vadz/libtiff/compare/Release-v4-0-6...master
The following changes since commit dfc016fbf13e62f7767edaf7abadf1d1b72680b2: maintainers.inc: remove augeas (2016-08-04 20:56:11 +0100) are available in the git repository at: git://git.pokylinux.org/poky-contrib yzhao/tiff-cve http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=yzhao/tiff-cve Armin Kuster (2): tiff: Security fix CVE-2015-8781 tiff: Security fix CVE-2015-8784 Yi Zhao (3): tiff: Security fix CVE-2016-3186 tiff: Security fix CVE-2016-5321 tiff: Security fix CVE-2016-5323 .../libtiff/files/CVE-2015-8781.patch | 195 +++++++++++++++++++++ .../libtiff/files/CVE-2015-8784.patch | 73 ++++++++ .../libtiff/files/CVE-2016-3186.patch | 24 +++ .../libtiff/files/CVE-2016-5321.patch | 49 ++++++ .../libtiff/files/CVE-2016-5323.patch | 107 +++++++++++ meta/recipes-multimedia/libtiff/tiff_4.0.6.bb | 5 + 6 files changed, 453 insertions(+) create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2015-8781.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2015-8784.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3186.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-5321.patch create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-5323.patch -- 2.7.4 -- _______________________________________________ Openembedded-core mailing list [email protected] http://lists.openembedded.org/mailman/listinfo/openembedded-core
