mirror of
https://git.yoctoproject.org/poky
synced 2026-07-15 15:37:03 +00:00
libtheora: mark CVE-2024-56431 as not vulnerable yet
CVE patch [1] aplies only on main branch which is base for 1.2.x. Branch 1.1 has a different initial commit and does not contain vulnerable code where the CVE patch applies. Also Debian [2] marked 1.1 as not vulnerable. [1] https://gitlab.xiph.org/xiph/theora/-/commit/5665f86b8fd8345bb09469990e79221562ac204b [2] https://security-tracker.debian.org/tracker/CVE-2024-56431 (From OE-Core rev: 07f35d022b88ab4d297d0252f9909e252b7e4cfe) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Paul Barker <paul@pbarker.dev> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
committed by
Richard Purdie
parent
d3ad12659a
commit
01a3d9d7ae
@@ -21,3 +21,5 @@ CVE_PRODUCT = "theora"
|
||||
inherit autotools pkgconfig
|
||||
|
||||
EXTRA_OECONF = "--disable-examples"
|
||||
|
||||
CVE_STATUS[CVE-2024-56431] = "fixed-version:branch 1.1 is not affected, vulnerable code is not present yet"
|
||||
|
||||
Reference in New Issue
Block a user