On Fri, Feb 6, 2026 at 4:17 AM Yoann Congal <[email protected]> wrote:
>
> On Thu Feb 5, 2026 at 4:10 PM CET, Yoann Congal wrote:
> > On Mon Feb 2, 2026 at 5:08 AM CET, Ankur Tyagi via lists.openembedded.org
> > wrote:
> >> From: Ankur Tyagi <[email protected]>
> >>
> >> Details https://nvd.nist.gov/vuln/detail/CVE-2025-25469
> >>
> >> This vulnerability exists in IAMF (Immersive Audio Model and Formats
> >> demuxer)
> >> which was introduced in version 7.0 [1]
> >>
> >> $ git tag --contains 4ee05182b7cccfa6928dcb0a45c2b50b7d9ea39b
> >> n7.0
> >> n7.0.1
> >> n7.0.2
> >> n7.0.3
> >> n7.1
> >> n7.1-dev
> >> n7.1.1
> >> n7.1.2
> >> n7.1.3
> >> n7.2-dev
> >> n8.0
> >> n8.0.1
> >> n8.1-dev
> >>
> >> [1]
> >> https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/4ee05182b7cccfa6928dcb0a45c2b50b7d9ea39b
> >>
> >> Signed-off-by: Ankur Tyagi <[email protected]>
> >> ---
> >> meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb | 2 ++
> >> 1 file changed, 2 insertions(+)
> >
> > Hello,
> >
> > Thank you for the patch, I reviewed it and I'm OK with it.
>
> A precision though, it matches master and whinlatter patches "ffmpeg: ignore
> 10 CVEs".
> Your patch will have to wait that the master and whinlatter patches
> merge. And that will be too late for 5.0.16.
>

Sure, as long as it doesn't slip through the cracks :-)

> >
> > Can I ask you to contact NVD to try to get the CPE fixed?
> >

Good idea, I will reach out to NVD.

cheers
Ankur

> > Thanks in advance,
> >
> > Regards,
> >
> --
> Yoann Congal
> Smile ECS
>
