[scarthgap,3/9] gstreamer1.0: set status for CVE-2024-0444

Message ID	5ea630617daf0897e5a1edd7482f705e1e7997fe.1731530398.git.steve@sakoman.com
State	RFC
Delegated to:	Steve Sakoman
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.214.179, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 3/9] gstreamer1.0: set status for CVE-2024-0444 Date: Wed, 13 Nov 2024 12:42:18 -0800 Message-Id: <5ea630617daf0897e5a1edd7482f705e1e7997fe.1731530398.git.steve@sakoman.com> In-Reply-To: <cover.1731530398.git.steve@sakoman.com> References: <cover.1731530398.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap,1/9] dropbear: backport patch for CVE-2023-48795 \| expand [scarthgap,1/9] dropbear: backport patch for CVE-2023-48795 [scarthgap,2/9] curl: patch CVE-2024-9681 [scarthgap,3/9] gstreamer1.0: set status for CVE-2024-0444 [scarthgap,4/9] expat: upgrade 2.6.3 -> 2.6.4 [scarthgap,5/9] cmake: Fix sporadic issues when determining compiler internals [scarthgap,6/9] pseudo: Fix envp bug and add posix_spawn wrapper [scarthgap,7/9] binutils: Add missing perl modules to RDEPENDS for nativesdk variant [scarthgap,8/9] enchant2: fix do_fetch error [scarthgap,9/9] libxml-parser-perl: fix do_fetch error

Message ID

5ea630617daf0897e5a1edd7482f705e1e7997fe.1731530398.git.steve@sakoman.com

State

RFC

Delegated to:

Steve Sakoman

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][scarthgap 3/9] gstreamer1.0: set status for CVE-2024-0444
Date: Wed, 13 Nov 2024 12:42:18 -0800
Message-Id: 
 <5ea630617daf0897e5a1edd7482f705e1e7997fe.1731530398.git.steve@sakoman.com>
In-Reply-To: <cover.1731530398.git.steve@sakoman.com>
References: <cover.1731530398.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[scarthgap,1/9] dropbear: backport patch for CVE-2023-48795 | expand

Commit Message

Steve Sakoman Nov. 13, 2024, 8:42 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

This is patched in gstreamer1.0-plugins-bad in 1.22 branch since 1.22.9
via [1].
cpe product is set to gstreamer, they share source git repository.

[1] https://gitlab.freedesktop.org/gstreamer/gstreamer/-/commit/394d5066f8a7b728df02fe9084e955b2f7d7f6fe

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
index f4acb0977b..8486e258d5 100644
--- a/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
+++ b/meta/recipes-multimedia/gstreamer/gstreamer1.0_1.22.12.bb
@@ -71,4 +71,6 @@  RDEPENDS:${PN}-ptest:append:libc-glibc = " glibc-gconv-iso8859-5"
 
 CVE_PRODUCT = "gstreamer"
 
+CVE_STATUS[CVE-2024-0444] = "cpe-incorrect: this is patched in gstreamer1.0-plugins-bad in 1.22 branch since 1.22.9"
+
 PTEST_BUILD_HOST_FILES = ""

[scarthgap,3/9] gstreamer1.0: set status for CVE-2024-0444

Commit Message

Patch