git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
ffmpeg: Ignore two CVEs fixed in 5.0.3
author: Daniel Díaz <daniel.diaz@sonos.com>
Wed, 23 Jul 2025 23:34:35 +0000 (17:34 -0600)
committer: Steve Sakoman <steve@sakoman.com>
Thu, 24 Jul 2025 19:42:58 +0000 (12:42 -0700)
commit: 78aef4b1002c515aa2c1a64fea5bb013c9bc86a8
tree: 138b9c3292df7409a4016bfcd99b887b606625ce
parent: 467081219407cd30bcc9e575bedcb127b6bcea65
ffmpeg: Ignore two CVEs fixed in 5.0.3

These two CVEs were fixed via the 5.0.3 release, and the
backported patches that fixed them were subsequently left
behind (although not deleted) by dadb16481810 ("ffmpeg:
upgrade 5.0.1 -> 5.0.3")

* CVE-2022-3109: An issue was discovered in the FFmpeg
  package, where vp3_decode_frame in libavcodec/vp3.c lacks
  check of the return value of av_malloc() and will cause a
  null pointer dereference, impacting availability.

* CVE-2022-3341: A null pointer dereference issue was
  discovered in 'FFmpeg' in decode_main_header() function of
  libavformat/nutdec.c file. The flaw occurs because the
  function lacks check of the return value of
  avformat_new_stream() and triggers the null pointer
  dereference error, causing an application to crash.

`bitbake ffmpeg` reports these two as "Unpatched".

Ignore them for now, until the NVD updates the versions where
these no longer apply.

Signed-off-by: Daniel Díaz <daniel.diaz@sonos.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
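The page lists the touched recipe but does not show the diff, so the following is an added illustration of what a "fixed in the shipped release, but still flagged by cve-check" suppression looks like in a BitBake recipe. It is not the commit's own change. It assumes the recipe is meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb on a branch whose cve-check class reads CVE_CHECK_IGNORE; the CVE_STATUS form shown in the comments is the newer syntax and should be checked against the branch in use.

```bitbake
# Added example, not the diff from this commit (the page does not show it).
# Assumption: this branch's cve-check class honours CVE_CHECK_IGNORE.
# Both fixes are already in the 5.0.3 tarball; the goal is only to stop
# the checker reporting them as "Unpatched" until NVD's affected-version
# data catches up, so nothing in the build itself changes.
CVE_CHECK_IGNORE += "\
    CVE-2022-3109 \
    CVE-2022-3341 \
"

# On branches where cve-check understands CVE_STATUS instead, the same
# intent carries a machine-readable reason per CVE (assumed form):
# CVE_STATUS[CVE-2022-3109] = "fixed-version: fixed in 5.0.3 (vp3_decode_frame av_malloc() NULL check)"
# CVE_STATUS[CVE-2022-3341] = "fixed-version: fixed in 5.0.3 (decode_main_header() avformat_new_stream() NULL check)"
```

To confirm the suppression took effect, inherit cve-check in local.conf and re-run `bitbake -c cve_check ffmpeg`; the two IDs should move from "Unpatched" to "Ignored" in the per-recipe report under the deploy cve directory. The ignore list is a declaration, not a fix: it should be revisited (and dropped) once the NVD entries carry a correct affected-version range for 5.0.3, otherwise a later regression in those paths would be masked.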