[OE-core][kirkstone][PATCH] ffmpeg: Ignore CVE-2023-46407

Mon, 23 Sep 2024 23:42:49 -0700 

From: Nikhil R <nikhi...@kpit.com>

Ignore CVE-2023-46407 as Vulnerable code
introduced later than 5.0.1 version

Introduced by:
https://github.com/FFmpeg/FFmpeg/commit/f7ac3512f5b5cb8eb149f37300b43461d8e93af3

Debian link: https://security-tracker.debian.org/tracker/CVE-2023-46407

Signed-off-by: Nikhil R <nikhi...@kpit.com>
---
 meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb 
b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 1295d5cdf1..c0121edc7d 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -39,6 +39,10 @@ SRC_URI[sha256sum] = 
"ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a
 # https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-39018
 CVE_CHECK_IGNORE += "CVE-2023-39018"

+# CVE-2023-46407 was introduced in 6.1 version of ffmpeg
+# Vulnerable code introduced later than 5.0.1 Version
+CVE_CHECK_IGNORE += "CVE-2023-46407"
+
 # Build fails when thumb is enabled: 
https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
 ARM_INSTRUCTION_SET:armv4 = "arm"
 ARM_INSTRUCTION_SET:armv5 = "arm"
--
2.25.1

This message contains information that may be privileged or confidential and is 
the property of the KPIT Technologies Ltd. It is intended only for the person 
to whom it is addressed. If you are not the intended recipient, you are not 
authorized to read, print, retain copy, disseminate, distribute, or use this 
message or any part thereof. If you receive this message in error, please 
notify the sender immediately and delete all copies of this message. KPIT 
Technologies Ltd. does not accept any liability for virus infected mails.

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#204835): 
https://lists.openembedded.org/g/openembedded-core/message/204835
Mute This Topic: https://lists.openembedded.org/mt/108624121/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to