package/tiff: ignore CVE-2025-8851
The CVE-2025-8851 [1] has been fixed in upstream commit [2] that is part
of the v4.7.0 release.
Because the NVD reference includes the version '<2024-08-11' most of CVE
checker will fail to compare it against 4.7.0 and report it as a
positive.
[1] https://nvd.nist.gov//vuln/detail/CVE-2025-8851
[2] 8a7a48d7a6
Signed-off-by: Thomas Perale <thomas.perale@mind.be>
Signed-off-by: Julien Olivain <ju.o@free.fr>
This commit is contained in:
Thomas Perale
committed by
Julien Olivain
Julien Olivain
parent
93977c592d
commit
740412aefc
@@ -19,6 +19,9 @@ TIFF_IGNORE_CVES += CVE-2025-8176
|
||||
# 0004-fix-for-thumbnail-issue.patch
|
||||
TIFF_IGNORE_CVES += CVE-2025-8177
|
||||
|
||||
# Fixed in 4.7.0
|
||||
TIFF_IGNORE_CVES += CVE-2025-8851
|
||||
|
||||
# webp has a (optional) dependency on tiff, so we can't have webp
|
||||
# support in tiff, or that would create a circular dependency.
|
||||
TIFF_CONF_OPTS = \
|
||||
|
||||
Reference in New Issue
Block a user