From: Yi Zhao <yi.zhao@windriver.com>
To: <openembedded-core@lists.openembedded.org>
Cc: akuster@mvista.com
Subject: [PATCH 0/5] libtiff: CVE fixes
Date: Wed, 10 Aug 2016 15:11:15 +0800 [thread overview]
Message-ID: <cover.1470812191.git.yi.zhao@windriver.com> (raw)
Fix CVE-2015-8781 CVE-2015-8784 CVE-2016-3186 CVE-2016-5321 CVE-2016-5323
The patches for CVE-2015-8781 and CVE-2015-8784 are cherry-picked from jethro branch since I found these 2 patches are also needed by tiff 4.0.6
Here is the comparing changes since 4.0.6 released, you could see these 2 patches are in the list:
https://github.com/vadz/libtiff/compare/Release-v4-0-6...master
The following changes since commit dfc016fbf13e62f7767edaf7abadf1d1b72680b2:
maintainers.inc: remove augeas (2016-08-04 20:56:11 +0100)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib yzhao/tiff-cve
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=yzhao/tiff-cve
Armin Kuster (2):
tiff: Security fix CVE-2015-8781
tiff: Security fix CVE-2015-8784
Yi Zhao (3):
tiff: Security fix CVE-2016-3186
tiff: Security fix CVE-2016-5321
tiff: Security fix CVE-2016-5323
.../libtiff/files/CVE-2015-8781.patch | 195 +++++++++++++++++++++
.../libtiff/files/CVE-2015-8784.patch | 73 ++++++++
.../libtiff/files/CVE-2016-3186.patch | 24 +++
.../libtiff/files/CVE-2016-5321.patch | 49 ++++++
.../libtiff/files/CVE-2016-5323.patch | 107 +++++++++++
meta/recipes-multimedia/libtiff/tiff_4.0.6.bb | 5 +
6 files changed, 453 insertions(+)
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2015-8781.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2015-8784.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3186.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-5321.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-5323.patch
--
2.7.4
next reply other threads:[~2016-08-10 7:11 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-10 7:11 Yi Zhao [this message]
2016-08-10 7:11 ` [PATCH 1/5] tiff: Security fix CVE-2015-8781 Yi Zhao
2016-08-10 7:11 ` [PATCH 2/5] tiff: Security fix CVE-2015-8784 Yi Zhao
2016-08-10 7:11 ` [PATCH 3/5] tiff: Security fix CVE-2016-3186 Yi Zhao
2016-08-10 7:11 ` [PATCH 4/5] tiff: Security fix CVE-2016-5321 Yi Zhao
2016-08-10 7:11 ` [PATCH 5/5] tiff: Security fix CVE-2016-5323 Yi Zhao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1470812191.git.yi.zhao@windriver.com \
--to=yi.zhao@windriver.com \
--cc=akuster@mvista.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.