summary refs log tree commit diff
path: root/gnu/packages/image.scm
diff options
context:
space:
mode:
authorAlex Vong <alexvong1995@gmail.com>2017-07-06 23:55:01 -0400
committerLeo Famulari <leo@famulari.name>2017-07-07 00:06:37 -0400
commitdab536fe1ae5a8775a2b50fa50556445b6ac7818 (patch)
tree3fd81db4f5ba7935736a21d165f905d61c8dbe0f /gnu/packages/image.scm
parentab104672e15572ff5586ea607b1762e5dc35b2aa (diff)
downloadguix-dab536fe1ae5a8775a2b50fa50556445b6ac7818.tar.gz
gnu: libtiff: Fix CVE-2017-{9936,10688}.
* gnu/packages/patches/libtiff-CVE-2017-9936.patch,
gnu/packages/patches/libtiff-CVE-2017-10688.patch: New files.
* gnu/local.mk (dist_patch_DATA): Add them.
* gnu/packages/image.scm (libtiff-4.0.8)[source]: Use them.

Signed-off-by: Leo Famulari <leo@famulari.name>
Diffstat (limited to 'gnu/packages/image.scm')
-rw-r--r--gnu/packages/image.scm4
1 files changed, 3 insertions, 1 deletions
diff --git a/gnu/packages/image.scm b/gnu/packages/image.scm
index 8a03cbc3c7..fe9d2d5b13 100644
--- a/gnu/packages/image.scm
+++ b/gnu/packages/image.scm
@@ -391,7 +391,9 @@ collection of tools for doing simple manipulations of TIFF images.")
        (method url-fetch)
        (uri (string-append "ftp://download.osgeo.org/libtiff/tiff-"
                            version ".tar.gz"))
-       (patches (search-patches "libtiff-tiffgetfield-bugs.patch"))
+       (patches (search-patches "libtiff-tiffgetfield-bugs.patch"
+                                "libtiff-CVE-2016-10688.patch"
+                                "libtiff-CVE-2017-9936.patch"))
        (sha256
         (base32
          "0419mh6kkhz5fkyl77gv0in8x4d2jpdpfs147y8mj86rrjlabmsr"))))))