ffmpeg: fix CVE-2025-1373

author Colin Pinnell McAllister <colin.mcallister@garmin.com>

Mon, 16 Jun 2025 15:49:34 +0000 (10:49 -0500)

committer Steve Sakoman <steve@sakoman.com>

Mon, 16 Jun 2025 16:46:24 +0000 (09:46 -0700)
author Colin Pinnell McAllister <colin.mcallister@garmin.com>
Mon, 16 Jun 2025 15:49:34 +0000 (10:49 -0500)
committer Steve Sakoman <steve@sakoman.com>
Mon, 16 Jun 2025 16:46:24 +0000 (09:46 -0700)
diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.2.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.2.bb

index 04356b9932a886cc036c51a9f473fe907c60a7a8..a789980dde7e9bc0ab36af3fe98004e4f56195fc 100644 (file)
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.2.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.2.bb
@@ -55,6 +55,10 @@ SRC_URI[sha256sum] = "3b624649725ecdc565c903ca6643d41f33bd49239922e45c9b1442c63d
  CVE_STATUS[CVE-2023-39018] = "cpe-incorrect: This issue belongs to ffmpeg-cli-wrapper \
  (Java wrapper around the FFmpeg CLI) and not ffmepg itself."
  
+# Introduced: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/19f7dae81ab2c19643b97da7556383ee3f721e78
+# Fixed: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/43be8d07281caca2e88bfd8ee2333633e1fb1a13
+CVE_STATUS[CVE-2025-1373]  = "fixed-version: Vulnerable code not present in any release"
+
  # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
  ARM_INSTRUCTION_SET:armv4 = "arm"
  ARM_INSTRUCTION_SET:armv5 = "arm"
author	Colin Pinnell McAllister <colin.mcallister@garmin.com>
	Mon, 16 Jun 2025 15:49:34 +0000 (10:49 -0500)
committer	Steve Sakoman <steve@sakoman.com>
	Mon, 16 Jun 2025 16:46:24 +0000 (09:46 -0700)