From: Yi Zhao <yi.zhao@windriver.com>
To: <openembedded-core@lists.openembedded.org>
Cc: akuster@mvista.com
Subject: [PATCH 0/5] libtiff: CVE fixes
Date: Wed, 10 Aug 2016 15:11:15 +0800 [thread overview]
Message-ID: <cover.1470812191.git.yi.zhao@windriver.com> (raw)
Fix CVE-2015-8781 CVE-2015-8784 CVE-2016-3186 CVE-2016-5321 CVE-2016-5323
The patches for CVE-2015-8781 and CVE-2015-8784 are cherry-picked from jethro branch since I found these 2 patches are also needed by tiff 4.0.6
Here is the comparing changes since 4.0.6 released, you could see these 2 patches are in the list:
https://github.com/vadz/libtiff/compare/Release-v4-0-6...master
The following changes since commit dfc016fbf13e62f7767edaf7abadf1d1b72680b2:
maintainers.inc: remove augeas (2016-08-04 20:56:11 +0100)
are available in the git repository at:
git://git.pokylinux.org/poky-contrib yzhao/tiff-cve
http://git.pokylinux.org/cgit.cgi/poky-contrib/log/?h=yzhao/tiff-cve
Armin Kuster (2):
tiff: Security fix CVE-2015-8781
tiff: Security fix CVE-2015-8784
Yi Zhao (3):
tiff: Security fix CVE-2016-3186
tiff: Security fix CVE-2016-5321
tiff: Security fix CVE-2016-5323
.../libtiff/files/CVE-2015-8781.patch | 195 +++++++++++++++++++++
.../libtiff/files/CVE-2015-8784.patch | 73 ++++++++
.../libtiff/files/CVE-2016-3186.patch | 24 +++
.../libtiff/files/CVE-2016-5321.patch | 49 ++++++
.../libtiff/files/CVE-2016-5323.patch | 107 +++++++++++
meta/recipes-multimedia/libtiff/tiff_4.0.6.bb | 5 +
6 files changed, 453 insertions(+)
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2015-8781.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2015-8784.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-3186.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-5321.patch
create mode 100644 meta/recipes-multimedia/libtiff/files/CVE-2016-5323.patch
--
2.7.4
next reply other threads:[~2016-08-10 7:11 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-08-10 7:11 Yi Zhao [this message]
2016-08-10 7:11 ` [PATCH 1/5] tiff: Security fix CVE-2015-8781 Yi Zhao
2016-08-10 7:11 ` [PATCH 2/5] tiff: Security fix CVE-2015-8784 Yi Zhao
2016-08-10 7:11 ` [PATCH 3/5] tiff: Security fix CVE-2016-3186 Yi Zhao
2016-08-10 7:11 ` [PATCH 4/5] tiff: Security fix CVE-2016-5321 Yi Zhao
2016-08-10 7:11 ` [PATCH 5/5] tiff: Security fix CVE-2016-5323 Yi Zhao
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=cover.1470812191.git.yi.zhao@windriver.com \
--to=yi.zhao@windriver.com \
--cc=akuster@mvista.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox