| Message ID | 20260427101042.5132-1-peter.marko@siemens.com |
|---|---|
| State | Accepted, archived |
| Commit | dd3cf15cf7b065f5f74fafd3c1450353cdc301c4 |
| Headers | show |
| Series | [v2] ffmpeg: set status for 4 CVEs | expand |
Could you please take one this instead of the old version to master-next? ffmpeg: set status for 5 CVEs https://git.openembedded.org/openembedded-core/commit/?h=master-next&id=e941054f6f1381742a5af02c85f8174cc776a81f Thanks, Peter -----Original Message----- From: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com> Sent: Monday, April 27, 2026 12:11 PM To: openembedded-core@lists.openembedded.org Cc: Marko, Peter (FT D EU SK BFS1) <Peter.Marko@siemens.com> Subject: [PATCH v2] ffmpeg: set status for 4 CVEs From: Peter Marko <peter.marko@siemens.com> These reappeared after update of sbom-cve-check tooling. Fixed version found by links from Debian security tracker. Signed-off-by: Peter Marko <peter.marko@siemens.com> --- meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.1.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.1.bb index 7bb7de3d25..b6d3ceb6dc 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.1.bb @@ -176,6 +176,10 @@ CVE_STATUS_GROUPS = "CVE_STATUS_WRONG_CPE" CVE_STATUS_WRONG_CPE = "CVE-2023-51791 CVE-2023-51793 CVE-2023-51794 CVE-2023-51795 CVE-2023-51796 CVE-2023-51797 CVE-2023-51798 CVE-2025-22921" CVE_STATUS_WRONG_CPE[status] = "fixed-version: these CVEs are fixed in used version" +CVE_STATUS[CVE-2022-2566] = "fixed-version: these CVEs are fixed since v5.1.1" +CVE_STATUS[CVE-2025-9951] = "fixed-version: these CVEs are fixed since v8.0" CVE_STATUS[CVE-2025-25468] = "fixed-version: these CVEs are fixed since v8.0" CVE_STATUS[CVE-2025-25469] = "fixed-version: these CVEs are fixed since v8.0" CVE_STATUS[CVE-2025-12343] = "fixed-version: this CVE are fixed since v8.0" +CVE_STATUS[CVE-2025-59729] = "fixed-version: this CVE are fixed since v8.0" +CVE_STATUS[CVE-2025-59730] = "fixed-version: this CVE are fixed since v8.0"
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.1.bb index 7bb7de3d25..b6d3ceb6dc 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.1.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_8.0.1.bb @@ -176,6 +176,10 @@ CVE_STATUS_GROUPS = "CVE_STATUS_WRONG_CPE" CVE_STATUS_WRONG_CPE = "CVE-2023-51791 CVE-2023-51793 CVE-2023-51794 CVE-2023-51795 CVE-2023-51796 CVE-2023-51797 CVE-2023-51798 CVE-2025-22921" CVE_STATUS_WRONG_CPE[status] = "fixed-version: these CVEs are fixed in used version" +CVE_STATUS[CVE-2022-2566] = "fixed-version: these CVEs are fixed since v5.1.1" +CVE_STATUS[CVE-2025-9951] = "fixed-version: these CVEs are fixed since v8.0" CVE_STATUS[CVE-2025-25468] = "fixed-version: these CVEs are fixed since v8.0" CVE_STATUS[CVE-2025-25469] = "fixed-version: these CVEs are fixed since v8.0" CVE_STATUS[CVE-2025-12343] = "fixed-version: this CVE are fixed since v8.0" +CVE_STATUS[CVE-2025-59729] = "fixed-version: this CVE are fixed since v8.0" +CVE_STATUS[CVE-2025-59730] = "fixed-version: this CVE are fixed since v8.0"