code.ossystems Code Review - openembedded-core.git/commit

author	Li Zhou <li.zhou@windriver.com>
	Wed, 25 Jan 2017 09:28:22 +0000 (17:28 +0800)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Tue, 21 Nov 2017 14:42:53 +0000 (14:42 +0000)
commit	d26ea3b9b698fcb059aaa34c2408e3b95ca4f31d
tree	cb7b59a2a48e4471fedd5e81b04d35d91a49c4bc	tree \| snapshot
parent	b9de98cdc816904583970369848181c2c79f1dc5	commit \| diff

libtiff: Security Advisory - libtiff - CVE-2017-5225

Libtiff is vulnerable to a heap buffer overflow in the tools/tiffcp
resulting in DoS or code execution via a crafted BitsPerSample value.

Porting patch from <https://github.com/vadz/libtiff/commit/
5c080298d59efa53264d7248bbe3a04660db6ef7> to solve CVE-2017-5225.

(From OE-Core rev: 434990304bdfb70441b399ff8998dbe3fe1b1e1f)

Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Signed-off-by: Armin Kuster <akuster@mvista.com>

meta/recipes-multimedia/libtiff/files/libtiff-CVE-2017-5225.patch	[new file with mode: 0644]	blob
meta/recipes-multimedia/libtiff/tiff_4.0.7.bb		diff \| blob \| history