> -----Original Message----- > From: [email protected] <openembedded- > [email protected]> On Behalf Of Yoann Congal via > lists.openembedded.org > Sent: Monday, February 23, 2026 18:05 > To: [email protected]; [email protected] > Subject: Re: [OE-core] [kirkstone][PATCH] ffmpeg: ignore CVE-2025-25469 > > On Mon Feb 23, 2026 at 5:54 PM CET, Colin McAllister via > lists.openembedded.org wrote: > > Missing free introduced by commit d38fc25 and fixed by commit d5873be. > > The first version tag that contains both commits is in n8.0, so no > > ffmpeg release is vulnerable. > > > > Signed-off-by: Colin Pinnell McAllister <[email protected]> > > Change-Id: I91f0aaad8ddcfaa2acac541470aebc9abe88b0d4 > Hello, > > This was already sent: https://lore.kernel.org/openembedded- > core/[email protected]/ > > I'm reviewing the kirkstone patches now, I will send this soon.
Hello Yoann, Thanks for updating the branch. I'm missing following patches from me in stable/kirkstone-nut * https://lists.openembedded.org/g/openembedded-core/message/229377 * https://lists.openembedded.org/g/openembedded-core/message/229378 * https://lists.openembedded.org/g/openembedded-core/message/229938 Also following patch for CVE currently open in metrics is missing: * https://lists.openembedded.org/g/openembedded-core/message/229875 The two libpng patches I'll rebase and resend later today. It's a bit hard to send patches without conflicts when the nut branch is being updated so infrequently... Thanks, Peter > > And, by the way, please remove the "Change-Id:" line. I guess it's a > by-product of you internal review tool? > > Thanks! > > --- > > meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb | 5 +++++ > > 1 file changed, 5 insertions(+) > > > > diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb b/meta/recipes- > multimedia/ffmpeg/ffmpeg_5.0.3.bb > > index d64b97e787..eb21cde89a 100644 > > --- a/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb > > +++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb > > @@ -105,6 +105,11 @@ CVE_CHECK_IGNORE += "CVE-2022-3341" > > # bugfix: > https://github.com/FFmpeg/FFmpeg/commit/28c83584e8f3cd747c1476a74cc2841 > d3d1fa7f3 > > CVE_CHECK_IGNORE += "CVE-2023-6603" > > > > +# Vulnerable code not present in any release > > +# introduced: > https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d38fc25519cf12a9212dadcba1258f > c176ffbade > > +# bugfix: > https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/d5873be583ada9e1fb887e2fe8dcfd > 4b12e0efcd > > +CVE_CHECK_IGNORE += "CVE-2025-25469" > > + > > # Build fails when thumb is enabled: > https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717 > > ARM_INSTRUCTION_SET:armv4 = "arm" > > ARM_INSTRUCTION_SET:armv5 = "arm" > > > -- > Yoann Congal > Smile ECS
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#231686): https://lists.openembedded.org/g/openembedded-core/message/231686 Mute This Topic: https://lists.openembedded.org/mt/117960328/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
