diff mbox series

[meta-oe,2/4] libmad: ignore CVE-2017-11552 and CVE-2018-7263

Message ID 20250320231405.1693060-2-peter.marko@siemens.com
State Accepted
Headers show
Series [meta-oe,1/4] libmad: extend CVE_PRODUCT | expand

Commit Message

Peter Marko March 20, 2025, 11:14 p.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

These CVEs are for mpg321, not libmad.
See Debian assessment:
* https://security-tracker.debian.org/tracker/CVE-2017-11552
* https://security-tracker.debian.org/tracker/CVE-2018-7263

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta-oe/recipes-multimedia/libmad/libmad_0.15.1b.bb | 3 +++
 1 file changed, 3 insertions(+)
diff mbox series

Patch

diff --git a/meta-oe/recipes-multimedia/libmad/libmad_0.15.1b.bb b/meta-oe/recipes-multimedia/libmad/libmad_0.15.1b.bb
index d7cd38fcbc..2d63f9a804 100644
--- a/meta-oe/recipes-multimedia/libmad/libmad_0.15.1b.bb
+++ b/meta-oe/recipes-multimedia/libmad/libmad_0.15.1b.bb
@@ -36,3 +36,6 @@  do_configure:prepend () {
 }
 
 ARM_INSTRUCTION_SET = "arm"
+
+CVE_STATUS[CVE-2017-11552] = "cpe-incorrect: this CVE is for mpg321, not libmad"
+CVE_STATUS[CVE-2018-7263] = "cpe-incorrect: this CVE is for mpg321, not libmad"