Message ID | 20240930073632.23711-1-shin.matsunaga@fujitsu.com |
---|---|
State | New |
Headers | show |
Series | ffmpeg: Add libswresample to CVE_PRODUCT | expand |
On Mon, 2024-09-30 at 16:36 +0900, Shinji Matsunaga wrote: > Currently, CVE_PRODUCT only detects vulnerabilities where the product > is "ffmpeg". > > However, there are also vulnerabilities where the product is > "libswresample", as shown below. > https://app.opencve.io/cve/?vendor=ffmpeg&product=libswresample > > Therefore, add "libswresample" to CVE_PRODUCT to detect > vulnerabilities > where the product is "libswresample" as well. > > Signed-off-by: Shinji Matsunaga <shin.matsunaga@fujitsu.com> > --- > meta/recipes-multimedia/ffmpeg/ffmpeg_7.0.2.bb | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_7.0.2.bb > b/meta/recipes-multimedia/ffmpeg/ffmpeg_7.0.2.bb > index 9e60b5cd23..d80fe03794 100644 > --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_7.0.2.bb > +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_7.0.2.bb > @@ -190,3 +190,5 @@ INSANE_SKIP:${MLPREFIX}libavutil = "textrel" > INSANE_SKIP:${MLPREFIX}libswscale = "textrel" > INSANE_SKIP:${MLPREFIX}libswresample = "textrel" > INSANE_SKIP:${MLPREFIX}libpostproc = "textrel" > + > +CVE_PRODUCT:append = " libswresample" Please just use +=, there is no need for append here. Cheers, Richard
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_7.0.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_7.0.2.bb index 9e60b5cd23..d80fe03794 100644 --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_7.0.2.bb +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_7.0.2.bb @@ -190,3 +190,5 @@ INSANE_SKIP:${MLPREFIX}libavutil = "textrel" INSANE_SKIP:${MLPREFIX}libswscale = "textrel" INSANE_SKIP:${MLPREFIX}libswresample = "textrel" INSANE_SKIP:${MLPREFIX}libpostproc = "textrel" + +CVE_PRODUCT:append = " libswresample"
Currently, CVE_PRODUCT only detects vulnerabilities where the product is "ffmpeg". However, there are also vulnerabilities where the product is "libswresample", as shown below. https://app.opencve.io/cve/?vendor=ffmpeg&product=libswresample Therefore, add "libswresample" to CVE_PRODUCT to detect vulnerabilities where the product is "libswresample" as well. Signed-off-by: Shinji Matsunaga <shin.matsunaga@fujitsu.com> --- meta/recipes-multimedia/ffmpeg/ffmpeg_7.0.2.bb | 2 ++ 1 file changed, 2 insertions(+)