diff mbox series

[scarthgap,39/44] ffmpeg: ignore CVE-2025-1594

Message ID	d519ff0a9d8196e741a9bf3d4ce42819a5e1fb79.1771943404.git.yoann.congal@smile.fr
State	New
Headers	show Return-Path: <yoann.congal@smile.fr> ip: 209.85.221.48, mailfrom: yoann.congal@smile.fr) From: Yoann Congal <yoann.congal@smile.fr> To: openembedded-core@lists.openembedded.org Subject: [OE-core][scarthgap 39/44] ffmpeg: ignore CVE-2025-1594 Date: Tue, 24 Feb 2026 15:32:07 +0100 Message-ID: <d519ff0a9d8196e741a9bf3d4ce42819a5e1fb79.1771943404.git.yoann.congal@smile.fr> In-Reply-To: <cover.1771943404.git.yoann.congal@smile.fr> References: <cover.1771943404.git.yoann.congal@smile.fr> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[scarthgap,01/44] pseudo: Update to include a fix for systems with kernel <5.6 \| expand [scarthgap,01/44] pseudo: Update to include a fix for systems with kernel <5.6 [scarthgap,02/44] avahi: patch CVE-2025-68276 [scarthgap,03/44] avahi: patch CVE-2025-68468 [scarthgap,04/44] avahi: patch CVE-2025-68471 [scarthgap,05/44] avahi: patch CVE-2026-24401 [scarthgap,06/44] libsndfile1: patch CVE-2025-56226 [scarthgap,07/44] mobile-broadband-provider-info: upgrade 20240407 -> 20251101 [scarthgap,08/44] vim: ignore CVE-2025-66476 [scarthgap,09/44] wic/engine: fix copying directories into wic image with ext* partition [scarthgap,10/44] oeqa/selftest/wic: test recursive dir copy on ext partitions [scarthgap,11/44] linux-yocto/6.6: update to v6.6.112 [scarthgap,12/44] linux-yocto/6.6: update to v6.6.114 [scarthgap,13/44] linux-yocto/6.6: update to v6.6.116 [scarthgap,14/44] linux-yocto/6.6: update to v6.6.118 [scarthgap,15/44] linux-yocto/6.6: update to v6.6.119 [scarthgap,16/44] linux-yocto/6.6: update to v6.6.120 [scarthgap,17/44] linux-yocto/6.6: update to v6.6.123 [scarthgap,18/44] weston: fix a touch-calibrator issue [scarthgap,19/44] libevent: merge inherit statements [scarthgap,20/44] go 1.22.12: Fix CVE-2025-61730 [scarthgap,21/44] go 1.22.12: Fix CVE-2025-61726 [scarthgap,22/44] go 1.22.12: Fix CVE-2025-61728 [scarthgap,23/44] go 1.22.12: Fix CVE-2025-61731 [scarthgap,24/44] go 1.22.12: Fix CVE-2025-68119 [scarthgap,25/44] go 1.22.12: Fix CVE-2025-61732 [scarthgap,26/44] go 1.22.12: Fix CVE-2025-68121 [scarthgap,27/44] bind: Upgrade 9.18.41 -> 9.18.44 [scarthgap,28/44] spdx30_tasks: Exclude 'doc' when exporting PACKAGECONFIG to SPDX [scarthgap,29/44] go-vendor: Fix absolute paths issue [scarthgap,30/44] libpng: patch CVE-2026-25646 [scarthgap,31/44] classes/buildhistory: Do not sign buildhistory commits [scarthgap,32/44] openssl: fix CVE-2025-15468 [scarthgap,33/44] openssl: fix CVE-2025-69419 [scarthgap,34/44] scripts/install-buildtools: Update to 5.0.15 [scarthgap,35/44] wic/engine: error on old host debugfs for standalone directory copy [scarthgap,36/44] glib-2.0: patch CVE-2026-1484 [scarthgap,37/44] glib-2.0: patch CVE-2026-1485 [scarthgap,38/44] glib-2.0: patch CVE-2026-1489 [scarthgap,39/44] ffmpeg: ignore CVE-2025-1594 [scarthgap,40/44] libtheora: mark CVE-2024-56431 as not vulnerable yet [scarthgap,41/44] ffmpeg: set status of CVE-2025-25468 [scarthgap,42/44] gnupg: patch CVE-2025-68973 [scarthgap,43/44] alsa-lib: patch CVE-2026-25068 [scarthgap,44/44] u-boot: move CVE patches out of the common .inc file

Commit Message

Yoann Congal Feb. 24, 2026, 2:32 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

This CVE was patched via c9a15206bae7f1e85dc3b8812eabb936a7e6d383

Patch was dropped during update to 6.1.4, however NVD DB does not have
this information so it re-appeared in CVE reports.

Set its status accordingly.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff mbox series

Patch

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb
index c1536015d98..03ec637ddfa 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb
@@ -48,7 +48,7 @@  CVE_STATUS[CVE-2023-39018] = "cpe-incorrect: This issue belongs to ffmpeg-cli-wr
 CVE_STATUS[CVE-2025-1373]  = "fixed-version: Vulnerable code not present in any release"
 
 CVE_STATUS_GROUPS += "CVE_STATUS_FIXED_61x"
-CVE_STATUS_FIXED_61x = "CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 CVE-2024-31578 CVE-2024-31582 CVE-2024-31585"
+CVE_STATUS_FIXED_61x = "CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 CVE-2024-31578 CVE-2024-31582 CVE-2024-31585 CVE-2025-1594"
 CVE_STATUS_FIXED_61x[status] = "cpe-incorrect:these CVEs are fixed in 6.1.x"
 
 CVE_STATUS[CVE-2025-25469] = "cpe-incorrect: Current version (6.1.4) is not impacted."