openembedded-core.git/meta/recipes-multimedia, branch jethro Mirror of openembedded-core tiff: Security fix CVE-2016-5323 2016-09-23T22:21:43+00:00 Yi Zhao yi.zhao@windriver.com 2016-08-10T07:11:20+00:00 4e2f4484d6e1418c34f65de954809d06df41cc38 CVE-2016-5323 libtiff: a maliciously crafted TIFF file could cause the application to crash when using tiffcrop command External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5323 http://bugzilla.maptools.org/show_bug.cgi?id=2559 Patch from: https://github.com/vadz/libtiff/commit/2f79856097f423eb33796a15fcf700d2ea41bf31 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 4ad1220e0a7f9ca9096860f4f9ae7017b36e29e4) Signed-off-by: Armin Kuster <akuster808@gmail.com> 
CVE-2016-5323 libtiff: a maliciously crafted TIFF file could cause the
application to crash when using tiffcrop command

External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5323
http://bugzilla.maptools.org/show_bug.cgi?id=2559

Patch from:
https://github.com/vadz/libtiff/commit/2f79856097f423eb33796a15fcf700d2ea41bf31

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 4ad1220e0a7f9ca9096860f4f9ae7017b36e29e4)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
tiff: Security fix CVE-2016-5321 2016-09-23T22:21:43+00:00 Yi Zhao yi.zhao@windriver.com 2016-08-10T07:11:19+00:00 35a7cb62be554e28f64b7583d46d693ea184491f CVE-2016-5321 libtiff: a maliciously crafted TIFF file could cause the application to crash when using tiffcrop command External References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5321 http://bugzilla.maptools.org/show_bug.cgi?id=2558 Patch from: https://github.com/vadz/libtiff/commit/d9783e4a1476b6787a51c5ae9e9b3156527589f0 Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 4a167cfb6ad79bbe2a2ff7f7b43c4a162ca42a4d) Signed-off-by: Armin Kuster <akuster808@gmail.com> 
CVE-2016-5321 libtiff: a maliciously crafted TIFF file could cause the
application to crash when using tiffcrop command

External References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5321
http://bugzilla.maptools.org/show_bug.cgi?id=2558

Patch from:
https://github.com/vadz/libtiff/commit/d9783e4a1476b6787a51c5ae9e9b3156527589f0

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 4a167cfb6ad79bbe2a2ff7f7b43c4a162ca42a4d)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
tiff: Security fix CVE-2016-3186 2016-09-23T22:21:43+00:00 Yi Zhao yi.zhao@windriver.com 2016-08-10T07:11:18+00:00 b4471e7264538b3577808fae5e78f42c0d31e195 CVE-2016-3186 libtiff: buffer overflow in the readextension function in gif2tiff.c allows remote attackers to cause a denial of service via a crafted GIF file External References: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3186 https://bugzilla.redhat.com/show_bug.cgi?id=1319503 Patch from: https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff Signed-off-by: Yi Zhao <yi.zhao@windriver.com> Signed-off-by: Ross Burton <ross.burton@intel.com> (cherry picked from commit 3d818fc862b1d85252443fefa2222262542a10ae) Signed-off-by: Armin Kuster <akuster808@gmail.com> 
CVE-2016-3186 libtiff: buffer overflow in the readextension function in
gif2tiff.c allows remote attackers to cause a denial of service via a
crafted GIF file

External References:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3186
https://bugzilla.redhat.com/show_bug.cgi?id=1319503

Patch from:
https://bugzilla.redhat.com/attachment.cgi?id=1144235&action=diff

Signed-off-by: Yi Zhao <yi.zhao@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
(cherry picked from commit 3d818fc862b1d85252443fefa2222262542a10ae)
Signed-off-by: Armin Kuster <akuster808@gmail.com>
libtiff: Security fix CVE-2015-8664 and 8683 2016-05-14T08:39:13+00:00 Armin Kuster akuster@mvista.com 2016-04-26T20:19:44+00:00 49008750ece710201701a6f413537c857190798a CVE-2015-8665 CVE-2015-8683 Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
CVE-2015-8665
CVE-2015-8683

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
libpng: Security fix CVE-2015-8472 2016-02-07T22:47:07+00:00 Armin Kuster akuster@mvista.com 2016-02-05T14:05:08+00:00 f4a805702df691cbd2b80aa5f75d6adfb0f145eb libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions this patch fixes an incomplete patch in CVE-2015-8126 Signed-off-by: Armin Kuster <akuster@mvista.com> 
libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions

this patch fixes an incomplete patch in CVE-2015-8126

Signed-off-by: Armin Kuster <akuster@mvista.com>
libpng: Security fix CVE-2015-8126 2016-02-07T22:47:06+00:00 Armin Kuster akuster@mvista.com 2016-02-05T14:03:48+00:00 d0a8313a03711ff881ad89b6cfc545f66a0bc018 libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions Signed-off-by: Armin Kuster <akuster@mvista.com> 
libpng: Buffer overflow vulnerabilities in png_get_PLTE/png_set_PLTE functions

Signed-off-by: Armin Kuster <akuster@mvista.com>
libpng: update URL that no longer exists 2016-02-02T16:46:14+00:00 Maxin B. John maxin.john@intel.com 2016-02-02T16:26:25+00:00 dbde0550ce0cc112947367eb89b914be5b3359a7 Fix the following warning: WARNING: Failed to fetch URL http://downloads.sourceforge.net/ project/libpng/libpng16/1.6.17/libpng-1.6.17.tar.xz, attempting MIRRORS if available [YOCTO #8739] Signed-off-by: Maxin B. John <maxin.john@intel.com> Signed-off-by: Saul Wold <sgw@linux.intel.com> 
Fix the following warning:

WARNING: Failed to fetch URL http://downloads.sourceforge.net/
project/libpng/libpng16/1.6.17/libpng-1.6.17.tar.xz, attempting
MIRRORS if available

[YOCTO #8739]

Signed-off-by: Maxin B. John <maxin.john@intel.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
tiff: Security fix CVE-2015-8784 2016-01-30T12:08:37+00:00 Armin Kuster akuster@mvista.com 2016-01-30T01:39:37+00:00 3e89477c8ad980fabd13694fa72a0be2e354bbe2 CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode() Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
CVE-2015-8784 libtiff: out-of-bound write in NeXTDecode()

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
tiff: Security fix CVE-2015-8781 2016-01-30T12:08:37+00:00 Armin Kuster akuster@mvista.com 2016-01-30T01:39:36+00:00 29c80024bdb67477dae47d8fb903feda2efe75d4 CVE-2015-8781 libtiff: out-of-bounds writes for invalid images Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> 
CVE-2015-8781 libtiff: out-of-bounds writes for invalid images

Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Revert "gstreamer1.0-plugins-good.inc: add gudev back to PACKAGECONFIG" 2016-01-20T17:10:23+00:00 Richard Purdie richard.purdie@linuxfoundation.org 2016-01-20T17:10:11+00:00 824a43c30b99971a382abd5edcf126f96cf4d485 This reverts commit 5c90b561930aac1783485d91579d313932273e92. The original change was intentional so back out 'fixes'. 
This reverts commit 5c90b561930aac1783485d91579d313932273e92.

The original change was intentional so back out 'fixes'.