commit fc813437ab4aa409fc83d0cdb6ddb10efa2502dc
author Rachael Newitt <renewitt@google.com> Wed Jul 12 00:42:38 2023 +0000
committer Pdfium LUCI CQ <pdfium-scoped@luci-project-accounts.iam.gserviceaccount.com> Wed Jul 12 00:42:38 2023 +0000
tree 07351acc645189db9d11ab981c90e0fdf714301a
parent e9a111cfbb9e7a6ac04b92a2d3d00da90960ca5e

Add METADATA file to track mitigated security patches for libtiff

Bug: b/278206712, b/278861052, b/290307376, b/288631550, b/289307143

Change-Id: I38125c86b8d7913f80eec1ce7be52de8f6926eb7
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/109470
Reviewed-by: Lei Zhang <thestig@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>

third_party/libtiff/METADATA

diff --git a/third_party/libtiff/METADATA b/third_party/libtiff/METADATA
new file mode 100644
index 0000000..35e01b9
--- /dev/null
+++ b/third_party/libtiff/METADATA
@@ -0,0 +1,17 @@
+# Copyright 2023 The Chromium Authors
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# Metadata for CVEs that are fixed or don't affect libtiff.
+
+third_party {
+  security {
+    # PDFium's copy of libtiff does not ship tools like tiffcrop.
+    mitigated_security_patch: "CVE-2022-48281"
+    mitigated_security_patch: "CVE-2023-1916"
+    mitigated_security_patch: "CVE-2023-25433"
+    mitigated_security_patch: "CVE-2023-25434"
+    mitigated_security_patch: "CVE-2023-25435"
+    mitigated_security_patch: "CVE-2023-26965"
+  }
+}
\ No newline at end of file