Rajkumar Veer
a05828ec79
tiff: Security fix for CVE-2017-7601
...
(From OE-Core rev: 7423b8318a381d139590f6ab2c50874d0eb775a6)
Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-11-05 22:39:49 +00:00
Rajkumar Veer
599438440e
tiff: Security fix for CVE-2017-7598
...
(From OE-Core rev: 13704be6d172eef2459bb3a5ceed47711ef08b99)
Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-11-05 22:39:49 +00:00
Rajkumar Veer
2b6b802cd5
tiff: Security fix for CVE-2017-7596
...
(From OE-Core rev: e22d6cab6dcfa020408b541242c26a994958831f)
Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-11-05 22:39:49 +00:00
Rajkumar Veer
8e0f6c5ae5
tiff: Security fix for CVE-2017-7595
...
(From OE-Core rev: 7af2f595a595533356ddef42e542825faab3382a)
Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-11-05 22:39:49 +00:00
Rajkumar Veer
2e37f28552
tiff: Security fix for CVE-2017-7594
...
(From OE-Core rev: ac828e5620430cff207ac5dc14dc5e2dbf99f9de)
Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-11-05 22:39:49 +00:00
Rajkumar Veer
9f2bab8493
tiff: Security fix for CVE-2017-7592
...
(From OE-Core rev: 4c918f46c40878ae91d8de4223c6370f8c10ec66)
Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-11-05 22:39:49 +00:00
Rajkumar Veer
7af530d449
tiff: Security fix for CVE-2016-10270
...
(From OE-Core rev: 9600bca011fe5fd2837606ab05e64325b3f12114)
Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-11-05 22:39:48 +00:00
Rajkumar Veer
6a2f7581c5
tiff: Security fix for CVE-2016-10269
...
(From OE-Core rev: f9efc9fc8d26784c7a2017efc771e809e6471911)
Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-11-05 22:39:48 +00:00
Rajkumar Veer
dbd47a912b
tiff: Security fix CVE-2016-10267
...
(From OE-Core rev: 91aff69faa7861f9872331ea386145667607550c)
Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-11-05 22:39:48 +00:00
Rajkumar Veer
3b7576ac22
tiff: Security fix CVE-2016-10266
...
(From OE-Core rev: aa1dc0afd99970f474f38a671e6c49aa2090fbe3)
Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-11-05 22:39:48 +00:00
Rajkumar Veer
46ee394865
tiff: Security fix CVE-2016-10268
...
(From OE-Core rev: a384e06b6ac12541b9928ecbc5834ef1d505ac0f)
Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-11-05 22:39:48 +00:00
Rajkumar Veer
ca16811eed
tiff: Secruity fix CVE-2016-10093
...
(From OE-Core rev: a34da9ea14275d0bf8e9f2b7df7416fe622770cb)
Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-11-05 22:39:48 +00:00
Rajkumar Veer
18a0ad760c
tiff: Security fix for CVE-2016-10271
...
(From OE-Core rev: d358e9bda3dcbdcfff7008804099f89f97f8bf79)
Signed-off-by: Rajkumar Veer <rveer@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-11-05 22:39:48 +00:00
Yi Zhao
f77fdc9f9f
tiff: Security fixes
...
Fix CVE-2017-9147, CVE-2017-9936, CVE-2017-10668, CVE-2017-11335
References:
https://nvd.nist.gov/vuln/detail/CVE-2017-9147
https://nvd.nist.gov/vuln/detail/CVE-2017-9936
https://nvd.nist.gov/vuln/detail/CVE-2017-10668
https://nvd.nist.gov/vuln/detail/CVE-2017-11335
Patches from:
CVE-2017-9147:
4d4fa0b68a
CVE-2017-9936:
fe8d716595
CVE-2017-10688:
6173a57d39
CVE-2017-11355:
69bfeec247
(From OE-Core rev: 5c89539edb17d01ffe82a1b2e7d092816003ecf3)
(From OE-Core rev: eaf72d105bed54e332e2e5c0c5c0a0087ecd91dd)
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
minor fixes to get to apply
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-09-11 22:15:58 +01:00
Li Zhou
49f6a9e794
libtiff: Security Advisory - libtiff - CVE-2017-5225
...
Libtiff is vulnerable to a heap buffer overflow in the tools/tiffcp
resulting in DoS or code execution via a crafted BitsPerSample value.
Porting patch from <https://github.com/vadz/libtiff/commit/
5c080298d59efa53264d7248bbe3a04660db6ef7> to solve CVE-2017-5225.
(From OE-Core rev: 434990304bdfb70441b399ff8998dbe3fe1b1e1f)
Signed-off-by: Li Zhou <li.zhou@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2017-01-31 14:43:01 +00:00
Armin Kuster
a63b53841b
libtiff: Update to 4.0.7
...
Major changes:
The libtiff tools bmp2tiff, gif2tiff, ras2tiff, sgi2tiff, sgisv, and ycbcr are completely removed from the distribution, used for demos.
CVEs fixed:
CVE-2016-9297
CVE-2016-9448
CVE-2016-9273
CVE-2014-8127
CVE-2016-3658
CVE-2016-5875
CVE-2016-5652
CVE-2016-3632
plus more that are not identified in the changelog.
removed patches integrated into update.
more info: http://libtiff.maptools.org/v4.0.7.html
(From OE-Core rev: 9945cbccc4c737c84ad441773061acbf90c7baed)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2016-12-13 22:55:21 +00:00