[Buildroot] [PATCH] tiff: add upstream security fix for CVE-2017-10688
Thomas Petazzoni
thomas.petazzoni at free-electrons.com
Fri Jul 14 17:36:42 UTC 2017
Hello,
On Fri, 14 Jul 2017 16:24:26 +0200, Peter Korsgaard wrote:
> Fixes CVE-2017-10688 - n LibTIFF 4.0.8, there is a assertion abort in the
> TIFFWriteDirectoryTagCheckedLong8Array function in tif_dirwrite.c. A
> crafted input will lead to a remote denial of service attack.
>
> Signed-off-by: Peter Korsgaard <peter at korsgaard.com>
> ---
> ..._dirwrite.c-in-TIFFWriteDirectoryTagCheck.patch | 70 ++++++++++++++++++++++
> 1 file changed, 70 insertions(+)
> create mode 100644 package/tiff/0001-libtiff-tif_dirwrite.c-in-TIFFWriteDirectoryTagCheck.patch
Applied to master, thanks.
Thomas
--
Thomas Petazzoni, CTO, Free Electrons
Embedded Linux, Kernel and Android engineering
http://free-electrons.com
More information about the buildroot
mailing list