On Thu Feb 5, 2026 at 4:10 PM CET, Yoann Congal wrote: > On Mon Feb 2, 2026 at 5:08 AM CET, Ankur Tyagi via lists.openembedded.org > wrote: >> From: Ankur Tyagi <[email protected]> >> >> Details https://nvd.nist.gov/vuln/detail/CVE-2025-25469 >> >> This vulnerability exists in IAMF (Immersive Audio Model and Formats demuxer) >> which was introduced in version 7.0 [1] >> >> $ git tag --contains 4ee05182b7cccfa6928dcb0a45c2b50b7d9ea39b >> n7.0 >> n7.0.1 >> n7.0.2 >> n7.0.3 >> n7.1 >> n7.1-dev >> n7.1.1 >> n7.1.2 >> n7.1.3 >> n7.2-dev >> n8.0 >> n8.0.1 >> n8.1-dev >> >> [1] >> https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/4ee05182b7cccfa6928dcb0a45c2b50b7d9ea39b >> >> Signed-off-by: Ankur Tyagi <[email protected]> >> --- >> meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb | 2 ++ >> 1 file changed, 2 insertions(+) > > Hello, > > Thank you for the patch, I reviewed it and I'm OK with it.
A precision though, it matches master and whinlatter patches "ffmpeg: ignore 10 CVEs". Your patch will have to wait that the master and whinlatter patches merge. And that will be too late for 5.0.16. > > Can I ask you to contact NVD to try to get the CPE fixed? > > Thanks in advance, > > Regards, -- Yoann Congal Smile ECS
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#230582): https://lists.openembedded.org/g/openembedded-core/message/230582 Mute This Topic: https://lists.openembedded.org/mt/117591466/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
