| Message ID | 20241016101644.27269-1-mail2szahir@gmail.com |
|---|---|
| State | Awaiting Upstream |
| Delegated to: | Steve Sakoman |
| Headers | show |
| Series | [kirkstone] ffmpeg: Add "libswresample libavcodec" to CVE_PRODUCT | expand |
Could you also send this patch for master? Since the issue also exists in master, we'll need to fix it there before I can take the patch for the stable branches. Thanks! Steve On Wed, Oct 16, 2024 at 3:17 AM aszh07 via lists.openembedded.org <mail2szahir=gmail.com@lists.openembedded.org> wrote: > > Currently, CVE_PRODUCT only detects vulnerabilities where the product is "ffmpeg". > > However, there are also vulnerabilities where the product is "libswresample", > and "libavcodec" as shown below. > https://app.opencve.io/vendors/?vendor=ffmpeg > > Therefore, add "libswresample libavcodec" to CVE_PRODUCT to detect vulnerabilities > where the product is "libswresample libavcodec" as well. > > Signed-off-by: aszh07 <mail2szahir@gmail.com> > --- > meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > index 1295d5cdf1..022220b58f 100644 > --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > @@ -186,3 +186,5 @@ INSANE_SKIP:${MLPREFIX}libavutil = "textrel" > INSANE_SKIP:${MLPREFIX}libswscale = "textrel" > INSANE_SKIP:${MLPREFIX}libswresample = "textrel" > INSANE_SKIP:${MLPREFIX}libpostproc = "textrel" > + > +CVE_PRODUCT = "ffmpeg libswresample libavcodec" > -- > 2.17.1 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#205961): https://lists.openembedded.org/g/openembedded-core/message/205961 > Mute This Topic: https://lists.openembedded.org/mt/109041180/3620601 > Group Owner: openembedded-core+owner@lists.openembedded.org > Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [steve@sakoman.com] > -=-=-=-=-=-=-=-=-=-=-=- >
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb index 1295d5cdf1..022220b58f 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb @@ -186,3 +186,5 @@ INSANE_SKIP:${MLPREFIX}libavutil = "textrel" INSANE_SKIP:${MLPREFIX}libswscale = "textrel" INSANE_SKIP:${MLPREFIX}libswresample = "textrel" INSANE_SKIP:${MLPREFIX}libpostproc = "textrel" + +CVE_PRODUCT = "ffmpeg libswresample libavcodec"
Currently, CVE_PRODUCT only detects vulnerabilities where the product is "ffmpeg". However, there are also vulnerabilities where the product is "libswresample", and "libavcodec" as shown below. https://app.opencve.io/vendors/?vendor=ffmpeg Therefore, add "libswresample libavcodec" to CVE_PRODUCT to detect vulnerabilities where the product is "libswresample libavcodec" as well. Signed-off-by: aszh07 <mail2szahir@gmail.com> --- meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 2 ++ 1 file changed, 2 insertions(+)