From: Peter Marko <[email protected]> This CVE is marked as fixed by Debian. Extracting Debian jessie Debian sources [1] shows 4 commits uses for backports. All these commits are already included in current hash ([2]-[5]).
../tmp/work/core2-64-poky-linux/rtmpdump/2.4/git$ git log | grep 'commit \(10b580aabcec1621b25518271ba1ab2b018be88e\|...\|4312322107a94c81d3ec5b98f91bc6b923551dc5\)' commit 530f9bb2a02a78c1198fb2bf0293a12d225e4691 commit 4312322107a94c81d3ec5b98f91bc6b923551dc5 commit 39ec7eda489717d503bc4cbfaa591c93205695b6 commit 10b580aabcec1621b25518271ba1ab2b018be88e [1] https://snapshot.debian.org/archive/debian/20170704T094954Z/pool/main/r/rtmpdump/rtmpdump_2.4%2B20150115.gita107cef-1%2Bdeb8u1.debian.tar.xz [2] https://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/10b580aabcec1621b25518271ba1ab2b018be88e [3] https://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/39ec7eda489717d503bc4cbfaa591c93205695b6 [4] https://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/530f9bb2a02a78c1198fb2bf0293a12d225e4691 [5] https://git.ffmpeg.org/gitweb/rtmpdump.git/commitdiff/4312322107a94c81d3ec5b98f91bc6b923551dc5 Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit d7758a8d0cf509e2d8db941ca4fd855c39beaafb) Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE) I have performed the above verification with the Kirkstone revision successfully. Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb b/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb index aa92c58808..fab07c1416 100644 --- a/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb +++ b/meta-multimedia/recipes-multimedia/rtmpdump/rtmpdump_2.4.bb @@ -14,6 +14,9 @@ SRC_URI = " \ S = "${WORKDIR}/git" +# fixed-version: patched in current git hash +CVE_CHECK_IGNORE += "CVE-2015-8270 CVE-2015-8271 CVE-2015-8272" + inherit autotools-brokensep EXTRA_OEMAKE = " \
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#121746): https://lists.openembedded.org/g/openembedded-devel/message/121746 Mute This Topic: https://lists.openembedded.org/mt/116311540/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
