[Buildroot] [PATCH 1/2] package/tiff: ignore CVE-2025-8851
Julien Olivain
ju.o at free.fr
Fri Sep 26 19:37:10 UTC 2025
On 26/09/2025 18:32, Thomas Perale via buildroot wrote:
> The CVE-2025-8851 [1] has been fixed in upstream commit [2] that is
> part
> of the v4.7.0 release.
>
> Because the NVD reference includes the version '<2024-08-11' most of
> CVE
> checker will fail to compare it against 4.7.0 and report it as a
> positive.
>
> [1] https://nvd.nist.gov//vuln/detail/CVE-2025-8851
> [2]
> https://gitlab.com/libtiff/libtiff/-/commit/8a7a48d7a645992ca83062b3a1873c951661e2b3
>
> Signed-off-by: Thomas Perale <thomas.perale at mind.be>
Series applied to master, thanks.
For info, I fixed the license hash.
Best regards,
Julien.
More information about the buildroot
mailing list