Could you also send this patch for master? Since the issue also exists in master, we'll need to fix it there before I can take the patch for the stable branches.
Thanks! Steve On Wed, Oct 16, 2024 at 3:17 AM aszh07 via lists.openembedded.org <[email protected]> wrote: > > Currently, CVE_PRODUCT only detects vulnerabilities where the product is > "ffmpeg". > > However, there are also vulnerabilities where the product is "libswresample", > and "libavcodec" as shown below. > https://app.opencve.io/vendors/?vendor=ffmpeg > > Therefore, add "libswresample libavcodec" to CVE_PRODUCT to detect > vulnerabilities > where the product is "libswresample libavcodec" as well. > > Signed-off-by: aszh07 <[email protected]> > --- > meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > index 1295d5cdf1..022220b58f 100644 > --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.1.bb > @@ -186,3 +186,5 @@ INSANE_SKIP:${MLPREFIX}libavutil = "textrel" > INSANE_SKIP:${MLPREFIX}libswscale = "textrel" > INSANE_SKIP:${MLPREFIX}libswresample = "textrel" > INSANE_SKIP:${MLPREFIX}libpostproc = "textrel" > + > +CVE_PRODUCT = "ffmpeg libswresample libavcodec" > -- > 2.17.1 > > > >
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#205966): https://lists.openembedded.org/g/openembedded-core/message/205966 Mute This Topic: https://lists.openembedded.org/mt/109041180/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
