Details: https://nvd.nist.gov/vuln/detail/CVE-2020-37065
The vulnerability is about a 3rd party Windows-only GUI frontend for the streamripper library, and not for the CLI application that the recipe builds. Due to this ignore this CVE. Signed-off-by: Gyorgy Sarvari <[email protected]> --- .../recipes-multimedia/streamripper/streamripper_1.64.6.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-multimedia/recipes-multimedia/streamripper/streamripper_1.64.6.bb b/meta-multimedia/recipes-multimedia/streamripper/streamripper_1.64.6.bb index 6014326826..1600d9d3ef 100644 --- a/meta-multimedia/recipes-multimedia/streamripper/streamripper_1.64.6.bb +++ b/meta-multimedia/recipes-multimedia/streamripper/streamripper_1.64.6.bb @@ -30,3 +30,5 @@ EXTRA_OECONF += "\ # the included argv library needs this CPPFLAGS:append = " -DANSI_PROTOTYPES" + +CVE_STATUS[CVE-2020-37065] = "cpe-incorrect: the vulnerability is about a Windows frontend, not the CLI"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124569): https://lists.openembedded.org/g/openembedded-devel/message/124569 Mute This Topic: https://lists.openembedded.org/mt/117963799/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
