diff mbox series

[kirkstone] ffmpeg: Ignore CVE-2023-46407

Message ID 20240924064159.54094-1-nikhilr5@kpit.com
State New

Commit Message

Nikhil R Sept. 24, 2024, 6:41 a.m. UTC
From: Nikhil R <nikhil.r@kpit.com>

Ignore CVE-2023-46407 as Vulnerable code
introduced later than 5.0.1 version

Introduced by:
https://github.com/FFmpeg/FFmpeg/commit/f7ac3512f5b5cb8eb149f37300b43461d8e93af3

Debian link: https://security-tracker.debian.org/tracker/CVE-2023-46407

Signed-off-by: Nikhil R <nikhil.r@kpit.com>
---
 meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 4 ++++
 1 file changed, 4 insertions(+)

--
2.25.1

This message contains information that may be privileged or confidential and is the property of the KPIT Technologies Ltd. It is intended only for the person to whom it is addressed. If you are not the intended recipient, you are not authorized to read, print, retain copy, disseminate, distribute, or use this message or any part thereof. If you receive this message in error, please notify the sender immediately and delete all copies of this message. KPIT Technologies Ltd. does not accept any liability for virus infected mails.

Comments

Steve Sakoman Sept. 27, 2024, 1:12 p.m. UTC | #1
Since this is an error in the CVE database you should send an email to
cpe_dictionary@nist.gov requesting that they correct the error.
Please provide supporting information in the request.

This is our preferred solution.

Thanks!

Steve

On Mon, Sep 23, 2024 at 11:42 PM Nikhil via lists.openembedded.org
<nikhil.r=kpit.com@lists.openembedded.org> wrote:
>
> From: Nikhil R <nikhil.r@kpit.com>
>
> Ignore CVE-2023-46407 as Vulnerable code
> introduced later than 5.0.1 version
>
> Introduced by:
> https://github.com/FFmpeg/FFmpeg/commit/f7ac3512f5b5cb8eb149f37300b43461d8e93af3
>
> Debian link: https://security-tracker.debian.org/tracker/CVE-2023-46407
>
> Signed-off-by: Nikhil R <nikhil.r@kpit.com>
> ---
>  meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 4 ++++
>  1 file changed, 4 insertions(+)
>
> diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> index 1295d5cdf1..c0121edc7d 100644
> --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
> @@ -39,6 +39,10 @@ SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a
>  # https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-39018
>  CVE_CHECK_IGNORE += "CVE-2023-39018"
>
> +# CVE-2023-46407 was introduced in 6.1 version of ffmpeg
> +# Vulnerable code introduced later than 5.0.1 Version
> +CVE_CHECK_IGNORE += "CVE-2023-46407"
> +
>  # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
>  ARM_INSTRUCTION_SET:armv4 = "arm"
>  ARM_INSTRUCTION_SET:armv5 = "arm"
> --
> 2.25.1
>

Patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
index 1295d5cdf1..c0121edc7d 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb
@@ -39,6 +39,10 @@  SRC_URI[sha256sum] = "ef2efae259ce80a240de48ec85ecb062cecca26e4352ffb3fda562c21a
 # https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-39018
 CVE_CHECK_IGNORE += "CVE-2023-39018"

+# CVE-2023-46407 was introduced in 6.1 version of ffmpeg
+# Vulnerable code introduced later than 5.0.1 Version
+CVE_CHECK_IGNORE += "CVE-2023-46407"
+
 # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
 ARM_INSTRUCTION_SET:armv4 = "arm"
 ARM_INSTRUCTION_SET:armv5 = "arm"
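
Review bot: The comment added above CVE_CHECK_IGNORE += "CVE-2023-46407" asserts that the vulnerable code arrived in 6.1 but carries no reference, whereas the neighbouring CVE-2023-39018 entry links to its justification. Suggest putting the upstream commit URL already cited in the commit message (https://github.com/FFmpeg/FFmpeg/commit/f7ac3512f5b5cb8eb149f37300b43461d8e93af3) into the recipe comment, so the ignore can be re-verified from the recipe alone. The two comment lines also say the same thing and can be folded into one.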