[kirkstone,13/27] ffmpeg: fix CVE-2025-1373

Message ID	99cda92e387ca071c4235c14a137510a4fb481c2.1750195103.git.steve@sakoman.com
State	New
Headers	show Return-Path: <steve@sakoman.com> ip: 209.85.210.178, mailfrom: steve@sakoman.com) From: Steve Sakoman <steve@sakoman.com> To: openembedded-core@lists.openembedded.org Subject: [OE-core][kirkstone 13/27] ffmpeg: fix CVE-2025-1373 Date: Tue, 17 Jun 2025 14:20:10 -0700 Message-ID: <99cda92e387ca071c4235c14a137510a4fb481c2.1750195103.git.steve@sakoman.com> In-Reply-To: <cover.1750195103.git.steve@sakoman.com> References: <cover.1750195103.git.steve@sakoman.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[kirkstone,01/27] Glibc: Fix for CVE-2025-4802 \| expand [kirkstone,01/27] Glibc: Fix for CVE-2025-4802 [kirkstone,02/27] python3-requests: fix CVE-2024-47081 [kirkstone,03/27] net-tools: patch CVE-2025-46836 [kirkstone,04/27] libsoup-2.4: Fix CVE-2025-2784 [kirkstone,05/27] libsoup: Fix CVE-2025-2784 [kirkstone,06/27] libsoup-2.4: Fix CVE-2025-32050 [kirkstone,07/27] libsoup: Fix CVE-2025-32050 [kirkstone,08/27] libsoup-2.4: Fix CVE-2025-32052 [kirkstone,09/27] libsoup: Fix CVE-2025-32052 [kirkstone,10/27] libsoup-2.4: Fix CVE-2025-32053 [kirkstone,11/27] libsoup: Fix CVE-2025-32053 [kirkstone,12/27] libsoup: Fix CVE-2025-46420 [kirkstone,13/27] ffmpeg: fix CVE-2025-1373 [kirkstone,14/27] ffmpeg: Add "libswresample libavcodec" to CVE_PRODUCT [kirkstone,15/27] scripts/install-buildtools: Update to 4.0.27 [kirkstone,16/27] babeltrace/libatomic-ops: correct the SRC_URI [kirkstone,17/27] libpng: Improve ptest [kirkstone,18/27] xz: Update LICENSE variable for xz packages [kirkstone,19/27] e2fsprogs: removed 'sed -u' option [kirkstone,20/27] glibc: pthreads NPTL lost wakeup fix 2 [kirkstone,21/27] glibc: nptl Update comments and indentation for new condvar implementation [kirkstone,22/27] glibc: nptl Remove unnecessary catch-all-wake in condvar group switch [kirkstone,23/27] glibc: nptl Remove unnecessary quadruple check in pthread_cond_wait [kirkstone,24/27] glibc: nptl Use a single loop in pthread_cond_wait instaed of a nested loop [kirkstone,25/27] glibc: nptl Fix indentation [kirkstone,26/27] glibc: nptl rename __condvar_quiesce_and_switch_g1 [kirkstone,27/27] glibc: nptl Use all of g1_start and g_signals

Message ID

99cda92e387ca071c4235c14a137510a4fb481c2.1750195103.git.steve@sakoman.com

State

New

Headers

From: Steve Sakoman <steve@sakoman.com>
To: openembedded-core@lists.openembedded.org
Subject: [OE-core][kirkstone 13/27] ffmpeg: fix CVE-2025-1373
Date: Tue, 17 Jun 2025 14:20:10 -0700
Message-ID: 
 <99cda92e387ca071c4235c14a137510a4fb481c2.1750195103.git.steve@sakoman.com>
In-Reply-To: <cover.1750195103.git.steve@sakoman.com>
References: <cover.1750195103.git.steve@sakoman.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[kirkstone,01/27] Glibc: Fix for CVE-2025-4802 | expand

Commit Message

Steve Sakoman June 17, 2025, 9:20 p.m. UTC

From: Colin Pinnell McAllister <colin.mcallister@garmin.com>

CVE-2025-1373 does not appear to affect ffmpeg 5.0.3. The CVE has been
added to the ignore list.

Signed-off-by: Colin Pinnell McAllister <colin.mcallister@garmin.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
---
 meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
index 4ae444258f..ae257a3926 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
@@ -81,6 +81,11 @@  CVE_CHECK_IGNORE += "CVE-2024-22862"
 # bugfix: https://github.com/FFmpeg/FFmpeg/commit/9903ba28c28ab18dc7b7b6fb8571cc8b5caae1a6
 CVE_CHECK_IGNORE += "CVE-2024-7272"
 
+# Vulnerable code not present in any release
+# introduced: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19f7dae81ab2c19643b97da7556383ee3f721e78
+# bugfix: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/43be8d07281caca2e88bfd8ee2333633e1fb1a13
+CVE_CHECK_IGNORE += "CVE-2025-1373"
+
 # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
 ARM_INSTRUCTION_SET:armv4 = "arm"
 ARM_INSTRUCTION_SET:armv5 = "arm"

[kirkstone,13/27] ffmpeg: fix CVE-2025-1373

Commit Message

Patch