Mark 2 libtiff CVEs as mitigated [pdfium : main]

4 views
Skip to first unread message

Lei Zhang (Gerrit)

unread,
Oct 11, 2023, 1:47:08 PM10/11/23
to Tom Sepez, pdfium-...@googlegroups.com, Lei Zhang

Attention is currently required from: Tom Sepez.

Lei Zhang would like Tom Sepez to review this change.

View Change

Mark 2 libtiff CVEs as mitigated

The CVEs in question are for libtiff tools, which are not in this copy
of the libtiff source.

Bug: b/304591320
Change-Id: Iff039cb3789b7e1a217dc60217c1eee2814c29aa
---
M third_party/libtiff/METADATA
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/third_party/libtiff/METADATA b/third_party/libtiff/METADATA
index 35e01b9..7d36a06 100644
--- a/third_party/libtiff/METADATA
+++ b/third_party/libtiff/METADATA
@@ -13,5 +13,7 @@
     mitigated_security_patch: "CVE-2023-25434"
     mitigated_security_patch: "CVE-2023-25435"
     mitigated_security_patch: "CVE-2023-26965"
+    mitigated_security_patch: "CVE-2023-40745"
+    mitigated_security_patch: "CVE-2023-41175"
   }
-}
\ No newline at end of file
+}

To view, visit change 112530. To unsubscribe, or for help writing mail filters, visit settings.

Gerrit-MessageType: newchange
Gerrit-Project: pdfium
Gerrit-Branch: main
Gerrit-Change-Id: Iff039cb3789b7e1a217dc60217c1eee2814c29aa
Gerrit-Change-Number: 112530
Gerrit-PatchSet: 1
Gerrit-Owner: Lei Zhang <the...@chromium.org>
Gerrit-Reviewer: Lei Zhang <the...@chromium.org>
Gerrit-Reviewer: Tom Sepez <tse...@chromium.org>
Gerrit-Attention: Tom Sepez <tse...@chromium.org>

Tom Sepez (Gerrit)

unread,
Oct 11, 2023, 3:22:15 PM10/11/23
to Lei Zhang, pdfium-...@googlegroups.com, Pdfium LUCI CQ

Attention is currently required from: Lei Zhang.

Patch set 1:Code-Review +1

View Change

    To view, visit change 112530. To unsubscribe, or for help writing mail filters, visit settings.

    Gerrit-MessageType: comment
    Gerrit-Project: pdfium
    Gerrit-Branch: main
    Gerrit-Change-Id: Iff039cb3789b7e1a217dc60217c1eee2814c29aa
    Gerrit-Change-Number: 112530
    Gerrit-PatchSet: 1
    Gerrit-Owner: Lei Zhang <the...@chromium.org>
    Gerrit-Reviewer: Lei Zhang <the...@chromium.org>
    Gerrit-Reviewer: Tom Sepez <tse...@chromium.org>
    Gerrit-Attention: Lei Zhang <the...@chromium.org>
    Gerrit-Comment-Date: Wed, 11 Oct 2023 19:22:12 +0000
    Gerrit-HasComments: No
    Gerrit-Has-Labels: Yes

    Lei Zhang (Gerrit)

    unread,
    Oct 11, 2023, 3:50:04 PM10/11/23
    to Lei Zhang, pdfium-...@googlegroups.com, Tom Sepez, Pdfium LUCI CQ

    Patch set 1:Commit-Queue +2

    View Change

      To view, visit change 112530. To unsubscribe, or for help writing mail filters, visit settings.

      Gerrit-MessageType: comment
      Gerrit-Project: pdfium
      Gerrit-Branch: main
      Gerrit-Change-Id: Iff039cb3789b7e1a217dc60217c1eee2814c29aa
      Gerrit-Change-Number: 112530
      Gerrit-PatchSet: 1
      Gerrit-Owner: Lei Zhang <the...@chromium.org>
      Gerrit-Reviewer: Lei Zhang <the...@chromium.org>
      Gerrit-Reviewer: Tom Sepez <tse...@chromium.org>
      Gerrit-Comment-Date: Wed, 11 Oct 2023 19:50:01 +0000
      Gerrit-HasComments: No
      Gerrit-Has-Labels: Yes

      Pdfium LUCI CQ (Gerrit)

      unread,
      Oct 11, 2023, 3:51:51 PM10/11/23
      to Lei Zhang, pdfium-...@googlegroups.com, Tom Sepez

      Pdfium LUCI CQ submitted this change.

      View Change

      Approvals: Tom Sepez: Looks good to me Lei Zhang: Commit 
      Mark 2 libtiff CVEs as mitigated

      The CVEs in question are for libtiff tools, which are not in this copy
      of the libtiff source.

      Bug: b/304591320
      Change-Id: Iff039cb3789b7e1a217dc60217c1eee2814c29aa
      Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/112530
      Reviewed-by: Tom Sepez <tse...@chromium.org>
      Commit-Queue: Lei Zhang <the...@chromium.org>

      ---
      M third_party/libtiff/METADATA
      1 file changed, 3 insertions(+), 1 deletion(-)

      

      diff --git a/third_party/libtiff/METADATA b/third_party/libtiff/METADATA
      index 35e01b9..7d36a06 100644
      --- a/third_party/libtiff/METADATA
      +++ b/third_party/libtiff/METADATA
      @@ -13,5 +13,7 @@
           mitigated_security_patch: "CVE-2023-25434"
           mitigated_security_patch: "CVE-2023-25435"
           mitigated_security_patch: "CVE-2023-26965"
      +    mitigated_security_patch: "CVE-2023-40745"
      +    mitigated_security_patch: "CVE-2023-41175"
         }
      -}
      \ No newline at end of file
      +}

      To view, visit change 112530. To unsubscribe, or for help writing mail filters, visit settings.
      


       Gerrit-MessageType: merged 
      

       Gerrit-Project: pdfium 
      

       Gerrit-Branch: main 
      

       Gerrit-Change-Id: Iff039cb3789b7e1a217dc60217c1eee2814c29aa 
      

       Gerrit-Change-Number: 112530 
      

       Gerrit-PatchSet: 2 
      

       Gerrit-Owner: Lei Zhang <the...@chromium.org> 
      

       Gerrit-Reviewer: Lei Zhang <the...@chromium.org> 
      

      

       Gerrit-Reviewer: Tom Sepez <tse...@chromium.org> 
      


      Reply all
      Reply to author
      Forward
      0 new messages