tiff: ignore CVE-2025-61143, CVE-2025-61144 and CVE-2025-61145

These CVEs are for tools which were removed in v4.6.0[1] [1]eab89a627f Details: https://nvd.nist.gov/vuln/detail/CVE-2025-61143 https://nvd.nist.gov/vuln/detail/CVE-2025-61144 https://nvd.nist.gov/vuln/detail/CVE-2025-61145 (From OE-Core rev: e5ec16fbe4ce402b92107d2491c4e08fa2432f1a) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> [YC: NVD patches for these CVEs only modify the tools which are not in the tarball we use] Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev>
2026-03-26 04:02:21 +01:00 · 2026-03-07 19:45:40 +13:00
parent eedd0439ba
commit f7363369bf
1 changed files with 1 additions and 1 deletions
--- a/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
+++ b/meta/recipes-multimedia/libtiff/tiff_4.6.0.bb
@@ -29,7 +29,7 @@ CVE_STATUS[CVE-2015-7313] = "fixed-version: Tested with check from https://secur
 CVE_STATUS[CVE-2023-3164] = "cpe-incorrect: Issue only affects the tiffcrop tool not compiled by default since 4.6.0"

 CVE_STATUS_GROUPS += "CVE_STATUS_REMOVED_TOOLS"
-CVE_STATUS_REMOVED_TOOLS = "CVE-2024-13978 CVE-2025-8176 CVE-2025-8177 CVE-2025-8534 CVE-2025-8851 CVE-2025-8961"
+CVE_STATUS_REMOVED_TOOLS = "CVE-2024-13978 CVE-2025-8176 CVE-2025-8177 CVE-2025-8534 CVE-2025-8851 CVE-2025-8961 CVE-2025-61143 CVE-2025-61144 CVE-2025-61145"
 CVE_STATUS_REMOVED_TOOLS[status] = "cpe-incorrect: tools affected by these CVEs are not present in this release"

 inherit autotools multilib_header