[meta-oe,03/15] id3lib: mark CVE-2007-4460 as fixed

Message ID	20241227105615.3303193-4-peter.marko@siemens.com
State	Under Review
Headers	show Return-Path: <peter.marko@siemens.com> ip: 185.136.64.228, mailfrom: fm-256628-2024122710572963bd6939eb918a7565-e45saa@rts-flowmailer.siemens.com) From: Peter Marko <peter.marko@siemens.com> To: openembedded-devel@lists.openembedded.org Cc: Peter Marko <peter.marko@siemens.com> Subject: [meta-oe][PATCH 03/15] id3lib: mark CVE-2007-4460 as fixed Date: Fri, 27 Dec 2024 11:56:03 +0100 Message-Id: <20241227105615.3303193-4-peter.marko@siemens.com> In-Reply-To: <20241227105615.3303193-1-peter.marko@siemens.com> References: <20241227105615.3303193-1-peter.marko@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Feedback-ID: 519:519-256628:519-21489:flowmailer
Series	4th series for meta-openembedded master \| expand [meta-oe,00/15] 4th series for meta-openembedded master [meta-oe,01/15] uw-imap: patch CVE-2018-19518 [meta-networking,02/15] spice: set CVE-2016-2150 status to fixed [meta-oe,03/15] id3lib: mark CVE-2007-4460 as fixed [meta-oe,04/15] procmail: patch CVE-2014-3618 [meta-oe,05/15] procmail: patch CVE-2017-16844. [meta-oe,06/15] imagemagick: refactor so devtool upgrade works [meta-oe,07/15] imagemagick: upgrade 7.1.1-26 -> 7.1.1-43 [meta-oe,08/15] imagemagick: mark CVE-2023-5341 as fixed [meta-oe,09/15] libwmf; switched to unofficial fork [meta-oe,10/15] limwmf: upgrade 0.2.8.4 -> 0.2.13 [meta-oe,11/15] audiofile: fix multiple CVEs [meta-oe,12/15] audiofile: patch CVE-2017-6829 [meta-oe,13/15] audiofile: fix multiple CVEs [meta-oe,14/15] audiofile: patch CVE-2017-6831 [meta-oe,15/15] audiofile: patch CVE-2017-6839

Message ID

20241227105615.3303193-4-peter.marko@siemens.com

State

Under Review

Headers

From: Peter Marko <peter.marko@siemens.com>
To: openembedded-devel@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [meta-oe][PATCH 03/15] id3lib: mark CVE-2007-4460 as fixed
Date: Fri, 27 Dec 2024 11:56:03 +0100
Message-Id: <20241227105615.3303193-4-peter.marko@siemens.com>
In-Reply-To: <20241227105615.3303193-1-peter.marko@siemens.com>
References: <20241227105615.3303193-1-peter.marko@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Feedback-ID: 519:519-256628:519-21489:flowmailer

Series

4th series for meta-openembedded master | expand

Commit Message

Peter Marko Dec. 27, 2024, 10:56 a.m. UTC

From: Peter Marko <peter.marko@siemens.com>

This is fixed in id3lib3.8.3_3.8.3-16.2.debian.tar.xz patch included in
SRC_URI.
Version 3.8.3-7 contains patch for this CVE, we use 3.8.3-16.2.
This can be verified by checking the debian/changelog within this patch
or diffing [1] and [2] and verifying that this can be reverse-applied.

[1] https://snapshot.debian.org/archive/debian/20070819T000000Z/pool/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-6.diff.gz
[2] https://snapshot.debian.org/archive/debian/20070819T000000Z/pool/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-7.diff.gz

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb b/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb
index 379c7e1b63..7ae262345b 100644
--- a/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb
+++ b/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb
@@ -14,6 +14,8 @@  SRC_URI[archive.sha256sum] = "2749cc3c0cd7280b299518b1ddf5a5bcfe2d1100614519b687
 SRC_URI[patch.md5sum] = "997c764d3be11c9a51779d93facf1118"
 SRC_URI[patch.sha256sum] = "ac2ee23ec89ba2af51d2c6dd5b1b6bf9f8a9f813de251bc182941439a4053176"
 
+CVE_STATUS[CVE-2007-4460] = "patched: fix is included in debian patch"
+
 inherit autotools
 
 # Unlike other Debian packages, id3lib*.diff.gz contains another series of

[meta-oe,03/15] id3lib: mark CVE-2007-4460 as fixed

Commit Message

Patch