mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-06 02:39:53 +00:00
Code Issues Projects Releases Wiki Activity

ffmpeg: ignore 8 CVEs fixed in 6.1.1 and 6.1.3 releases

Browse Source 
Following are mentioned in commit upgrading the recipe to 6.1.3:
* CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2024-31578 CVE-2024-31582

Following are fixed via mentioned commits already in 6.1.1:
* CVE-2023-50009: https://github.com/FFmpeg/FFmpeg/commit/162b4c60c8f72be2e93b759f3b1e14652b70b3ba
* CVE-2023-50010: https://github.com/FFmpeg/FFmpeg/commit/e809c23786fe297797198a7b9f5d3392d581daf1
* CVE-2024-31585: https://github.com/FFmpeg/FFmpeg/commit/3061bf668feffc7c1f0b244205167b3b86da8015

(From OE-Core rev: 8286570b3baf275ff48c45ca0864348a8d3faa01)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Peter Marko
2025-10-08 23:10:45 +02:00
committed by Steve Sakoman
parent ac57f3b9d2
commit 8c8680d4c0
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.3.bb
+4
View File
@@ -50,6 +50,10 @@ CVE_STATUS[CVE-2023-39018] = "cpe-incorrect: This issue belongs to ffmpeg-cli-wr
# Fixed: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/43be8d07281caca2e88bfd8ee2333633e1fb1a13
CVE_STATUS[CVE-2025-1373] = "fixed-version: Vulnerable code not present in any release"
CVE_STATUS_GROUPS += "CVE_STATUS_FIXED_61x"
CVE_STATUS_FIXED_61x = "CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 CVE-2024-31578 CVE-2024-31582 CVE-2024-31585"
CVE_STATUS_FIXED_61x[status] = "cpe-incorrect:these CVEs are fixed in 6.1.x"
# Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
ARM_INSTRUCTION_SET:armv4 = "arm"
ARM_INSTRUCTION_SET:armv5 = "arm"