Re: [OE-core] [kirkstone][PATCH] ffmpeg: ignore CVE-2025-25469

Mon, 23 Feb 2026 09:04:57 -0800 

On Mon Feb 23, 2026 at 5:54 PM CET, Colin McAllister via lists.openembedded.org 
wrote:
> Missing free introduced by commit d38fc25 and fixed by commit d5873be.
> The first version tag that contains both commits is in n8.0, so no
> ffmpeg release is vulnerable.
>
> Signed-off-by: Colin Pinnell McAllister <[email protected]>
> Change-Id: I91f0aaad8ddcfaa2acac541470aebc9abe88b0d4
Hello,

This was already sent: 
https://lore.kernel.org/openembedded-core/[email protected]/

I'm reviewing the kirkstone patches now, I will send this soon.

And, by the way, please remove the "Change-Id:" line. I guess it's a
by-product of you internal review tool?

Thanks!
> ---
>  meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb | 5 +++++
>  1 file changed, 5 insertions(+)
>
> diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb 
> b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
> index d64b97e787..eb21cde89a 100644
> --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
> +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb
> @@ -105,6 +105,11 @@ CVE_CHECK_IGNORE += "CVE-2022-3341"
>  # bugfix: 
> https://github.com/FFmpeg/FFmpeg/commit/28c83584e8f3cd747c1476a74cc2841d3d1fa7f3
>  CVE_CHECK_IGNORE += "CVE-2023-6603"
>  
> +# Vulnerable code not present in any release
> +# introduced: 
> https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d38fc25519cf12a9212dadcba1258fc176ffbade
> +# bugfix: 
> https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d5873be583ada9e1fb887e2fe8dcfd4b12e0efcd
> +CVE_CHECK_IGNORE += "CVE-2025-25469"
> +
>  # Build fails when thumb is enabled: 
> https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
>  ARM_INSTRUCTION_SET:armv4 = "arm"
>  ARM_INSTRUCTION_SET:armv5 = "arm"


-- 
Yoann Congal
Smile ECS


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#231684): 
https://lists.openembedded.org/g/openembedded-core/message/231684
Mute This Topic: https://lists.openembedded.org/mt/117960328/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to