openembedded-core.git/meta/recipes-multimedia/libtiff, branch 2016-10 Mirror of openembedded-core tiff: Update download URL 2016-09-13T14:17:41+00:00 Jussi Kukkonen jussi.kukkonen@intel.com 2016-09-08T13:35:31+00:00 f544e1d10e9dc0f750efdb45a78ce9d5c9603070 remotesensing.org domain has been taken over by someone unrelated. There does not seem to be an up-to-date tiff homepage, but osgeo.org is a reliable download site. Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
remotesensing.org domain has been taken over by someone unrelated.
There does not seem to be an up-to-date tiff homepage, but
osgeo.org is a reliable download site.

Signed-off-by: Jussi Kukkonen <jussi.kukkonen@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
tiff: Security fix CVE-2016-5323 2016-08-17T09:31:10+00:00 Yi Zhao yi.zhao@windriver.com 2016-08-10T07:11:20+00:00 4ad1220e0a7f9ca9096860f4f9ae7017b36e29e4 CVE-2016-5323 libtiff: a maliciously crafted TIFF file could cause the application to crash when using tiffcrop command External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5323 http://bugzilla.maptools.org/show_bug.cgi?id=2559 Patch from: https://github.com/vadz/libtiff/commit/2f79856097f423eb33796a15fcf700d2ea41bf31 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
CVE-2016-5323 libtiff: a maliciously crafted TIFF file could cause the
application to crash when using tiffcrop command

External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5323
http://bugzilla.maptools.org/show_bug.cgi?id=2559

Patch from:
https://github.com/vadz/libtiff/commit/2f79856097f423eb33796a15fcf700d2ea41bf31

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
tiff: Security fix CVE-2016-5321 2016-08-17T09:31:09+00:00 Yi Zhao yi.zhao@windriver.com 2016-08-10T07:11:19+00:00 4a167cfb6ad79bbe2a2ff7f7b43c4a162ca42a4d CVE-2016-5321 libtiff: a maliciously crafted TIFF file could cause the application to crash when using tiffcrop command External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5321 http://bugzilla.maptools.org/show_bug.cgi?id=2558 Patch from: https://github.com/vadz/libtiff/commit/d9783e4a1476b6787a51c5ae9e9b3156527589f0 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
CVE-2016-5321 libtiff: a maliciously crafted TIFF file could cause the
application to crash when using tiffcrop command

External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5321
http://bugzilla.maptools.org/show_bug.cgi?id=2558

Patch from:
https://github.com/vadz/libtiff/commit/d9783e4a1476b6787a51c5ae9e9b3156527589f0

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
tiff: Security fix CVE-2016-3186 2016-08-17T09:31:08+00:00 Yi Zhao yi.zhao@windriver.com 2016-08-10T07:11:18+00:00 3d818fc862b1d85252443fefa2222262542a10ae CVE-2016-3186 libtiff: buffer overflow in the readextension function in gif2tiff.c allows remote attackers to cause a denial of service via a crafted GIF file External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3186 https://bugzilla.redhat.com/show_bug.cgi?id=1319503 Patch from: https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
CVE-2016-3186 libtiff: buffer overflow in the readextension function in
gif2tiff.c allows remote attackers to cause a denial of service via a
crafted GIF file

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3186
https://bugzilla.redhat.com/show_bug.cgi?id=1319503

Patch from:
https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
tiff: Security fix CVE-2015-8784 2016-08-17T09:31:07+00:00 Armin Kuster akuster@mvista.com 2016-08-10T07:11:17+00:00 36097da9679ab2ce3c4044cd8ed64e5577e3f63e CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode() External Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8784 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode()

External Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8784

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
tiff: Security fix CVE-2015-8781 2016-08-17T09:31:05+00:00 Armin Kuster akuster@mvista.com 2016-08-10T07:11:16+00:00 9e97ff5582fab9f157ecd970c7c3559265210131 CVE-2015-8781 libtiff: out-of-bounds writes for invalid images External Reference: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8781 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
CVE-2015-8781 libtiff: out-of-bounds writes for invalid images

External Reference:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-8781

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
tiff: Security fixes CVE-2015-8665 and CVE-2015-8683 2016-04-29T06:36:30+00:00 Armin Kuster akuster@mvista.com 2016-04-26T00:29:41+00:00 b7a38a45bf404b8f9b419bf7c054102d68cf2673 same fix for both CVE's tiff <= 4.0.6 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
same fix for both CVE's

tiff <= 4.0.6

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
tiff: update to 4.0.6 2015-12-27T11:26:57+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2015-12-17T14:29:29+00:00 88a2a8f2f03faa19c1400a9badf16845ba217861 Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> 
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
package_regex.inc: split entries which blacklist specific versions to their recipes 2015-12-08T10:20:09+00:00 Alexander Kanavin alexander.kanavin@linux.intel.com 2015-11-16T14:34:03+00:00 1eb9e190ef3bb1170b3eaabd9f7900e7ce176624 Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com> Signed-off-by: Ross Burton <ross.burton@intel.com> 
Signed-off-by: Alexander Kanavin <alexander.kanavin@linux.intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
tiff: Update to 4.0.4 2015-06-27T21:42:00+00:00 Randy MacLeod Randy.MacLeod@windriver.com 2015-06-26T20:27:51+00:00 5c5d7c2ab0d32faca43ba360d5d42ecd2822c730 Update tiff to latest version. None of the local CVE patches are needed based on reviewing the ChangeLog so remove them. Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
Update tiff to latest version. None of the local CVE patches
are needed based on reviewing the ChangeLog so remove them.

Signed-off-by: Randy MacLeod <Randy.MacLeod@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>