* [PATCH] tiff: mark CVE-2022-1622 and CVE-2022-1623 as invalid
@ 2022-05-23 12:14 Ross Burton
0 siblings, 0 replies; only message in thread
From: Ross Burton @ 2022-05-23 12:14 UTC (permalink / raw)
To: openembedded-core; +Cc: nd
These issues only affect libtiff post-4.3.0 but before 4.4.0, caused by
3079627e and fixed by b4e79bfa.
Signed-off-by: Ross Burton <ross.burton@arm.com>
---
meta/recipes-multimedia/libtiff/tiff_4.3.0.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
index 9c9108a6afd..c5e964ec8c1 100644
--- a/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.3.0.bb
@@ -28,6 +28,9 @@ UPSTREAM_CHECK_REGEX = "tiff-(?P<pver>\d+(\.\d+)+).tar"
# Tested with check from https://security-tracker.debian.org/tracker/CVE-2015-7313
# and 4.3.0 doesn't have the issue
CVE_CHECK_IGNORE += "CVE-2015-7313"
+# These issues only affect libtiff post-4.3.0 but before 4.4.0,
+# caused by 3079627e and fixed by b4e79bfa.
+CVE_CHECK_IGNORE += "CVE-2022-1622 CVE-2022-1623"
inherit autotools multilib_header
--
2.25.1
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2022-05-23 12:15 UTC | newest]
Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-05-23 12:14 [PATCH] tiff: mark CVE-2022-1622 and CVE-2022-1623 as invalid Ross Burton
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.