Re: [OE-core][kirkstone][PATCH] ffmpeg: Ignore CVE-2023-46407

Fri, 27 Sep 2024 06:18:24 -0700 

Since this is an error in the CVE database you should send an email to
cpe_diction...@nist.gov requesting that they correct the error.
Please provide supporting information in the request.

This is our preferred solution.

Thanks!

Steve

On Mon, Sep 23, 2024 at 11:42 PM Nikhil via lists.openembedded.org
<nikhil.r=kpit....@lists.openembedded.org> wrote:
>
> From: Nikhil R <nikhi...@kpit.com>
>
> Ignore CVE-2023-46407 as Vulnerable code
> introduced later than 5.0.1 version
>
> Introduced by:
> https://github.com/FFmpeg/FFmpeg/commit/f7ac3512f5b5cb8eb149f37300b43461d8e93af3
>
> Debian link: https://security-tracker.debian.org/tracker/CVE-2023-46407
>
> Signed-off-by: Nikhil R <nikhi...@kpit.com>
> ---
>  meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb 
> b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> index 1295d5cdf1..c0121edc7d 100644
> --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> @@ -39,6 +39,10 @@ SRC_URI[sha256sum] = 
> "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a
>  # https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-39018
>  CVE_CHECK_IGNORE += "CVE-2023-39018"
>
> +# CVE-2023-46407 was introduced in 6.1 version of ffmpeg
> +# Vulnerable code introduced later than 5.0.1 Version
> +CVE_CHECK_IGNORE += "CVE-2023-46407"
> +
>  # Build fails when thumb is enabled: 
> https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
>  ARM_INSTRUCTION_SET:armv4 = "arm"
>  ARM_INSTRUCTION_SET:armv5 = "arm"
> --
> 2.25.1
>
> This message contains information that may be privileged or confidential and 
> is the property of the KPIT Technologies Ltd. It is intended only for the 
> person to whom it is addressed. If you are not the intended recipient, you 
> are not authorized to read, print, retain copy, disseminate, distribute, or 
> use this message or any part thereof. If you receive this message in error, 
> please notify the sender immediately and delete all copies of this message. 
> KPIT Technologies Ltd. does not accept any liability for virus infected mails.
>
> 
>

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#205021): 
https://lists.openembedded.org/g/openembedded-core/message/205021
Mute This Topic: https://lists.openembedded.org/mt/108624121/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to