[prev in list] [next in list] [prev in thread] [next in thread]
List: openembedded-core
Subject: [OE-core][kirkstone 2/3] tiff: CVE patch correction for CVE-2023-3576
From: "Steve Sakoman" <steve () sakoman ! com>
Date: 2023-10-31 22:05:18
Message-ID: 63daa00279c0c3a8650d6e08a68cc32a2b98d843.1698789786.git.steve () sakoman ! com
[Download RAW message or body]
Content-Transfer-Encoding: 8bit
From: Vijay Anusuri <vanusuri@mvista.com>
- The commit [https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37]
fixes CVE-2023-3576
- Hence, renamed the CVE-2023-3618-1.patch to CVE-2023-3576.patch
- Reference: https://security-tracker.debian.org/tracker/CVE-2023-3576
https://security-tracker.debian.org/tracker/CVE-2023-3618
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
.../tiff/{CVE-2023-3618-1.patch => CVE-2023-3576.patch} | 3 ++-
.../tiff/{CVE-2023-3618-2.patch => CVE-2023-3618.patch} | 0
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 4 ++--
3 files changed, 4 insertions(+), 3 deletions(-)
rename meta/recipes-multimedia/libtiff/tiff/{CVE-2023-3618-1.patch => \
CVE-2023-3576.patch} (93%) rename \
meta/recipes-multimedia/libtiff/tiff/{CVE-2023-3618-2.patch => CVE-2023-3618.patch} \
(100%)
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-1.patch \
b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3576.patch similarity index 93%
rename from meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-1.patch
rename to meta/recipes-multimedia/libtiff/tiff/CVE-2023-3576.patch
index 8f55d2b496..b17dd72170 100644
--- a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-1.patch
+++ b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3576.patch
@@ -4,8 +4,9 @@ Date: Tue, 7 Mar 2023 15:02:08 +0800
Subject: [PATCH] Fix memory leak in tiffcrop.c
Upstream-Status: Backport \
[https://gitlab.com/libtiff/libtiff/-/commit/881a070194783561fd209b7c789a4e75566f7f37]
-CVE: CVE-2023-3618
+CVE: CVE-2023-3576
Signed-off-by: Hitendra Prajapati <hprajapati@mvista.com>
+Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
---
tools/tiffcrop.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-2.patch \
b/meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618.patch similarity index 100%
rename from meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618-2.patch
rename to meta/recipes-multimedia/libtiff/tiff/CVE-2023-3618.patch
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb \
b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb index 8dcd73273e..e925b7d652 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -40,8 +40,8 @@ SRC_URI = "http://download.osgeo.org/libtiff/tiff-${PV}.tar.gz \
file://CVE-2023-26965.patch \
file://CVE-2023-2908.patch \
file://CVE-2023-3316.patch \
- file://CVE-2023-3618-1.patch \
- file://CVE-2023-3618-2.patch \
+ file://CVE-2023-3576.patch \
+ file://CVE-2023-3618.patch \
file://CVE-2023-26966.patch \
file://CVE-2022-40090.patch \
file://CVE-2023-1916.patch \
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#189872): https://lists.openembedded.org/g/openembedded-core/message/189872
Mute This Topic: https://lists.openembedded.org/mt/102307906/4454766
Group Owner: openembedded-core+owner@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [openembedded-core@marc.info]
-=-=-=-=-=-=-=-=-=-=-=-
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic