id3lib: mark CVE-2007-4460 as fixed

This is fixed in id3lib3.8.3_3.8.3-16.2.debian.tar.xz patch included in SRC_URI. Version 3.8.3-7 contains patch for this CVE, we use 3.8.3-16.2. This can be verified by checking the debian/changelog within this patch or diffing [1] and [2] and verifying that this can be reverse-applied. [1] https://snapshot.debian.org/archive/debian/20070819T000000Z/pool/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-6.diff.gz [2] https://snapshot.debian.org/archive/debian/20070819T000000Z/pool/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-7.diff.gz Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit 9fff0040f1694b09c6c68cf59615f42d801d62f5) Adapted to Kirkstone (CVE_STATUS -> CVE_CHECK_IGNORE) Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
author: Peter Marko <peter.marko@siemens.com> 2025-10-27 15:15:54 +0100
committer: Gyorgy Sarvari <skandigraun@gmail.com> 2025-10-27 18:08:19 +0100
commit: 6ca1fde08bd5cf58e147d42dc0e044191fb34d04 (patch)
tree: df12a7deff3dea6bbf87bf84024408fdbafacafd
parent: 12a04da1b8e44b9a148cd023b2c68d5705282716 (diff)
download: meta-openembedded-6ca1fde08bd5cf58e147d42dc0e044191fb34d04.tar.gz
1 files changed, 3 insertions, 0 deletions
diff --git a/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb b/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb
index a7d645f59f..20a03bdbe0 100644
--- a/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb
+++ b/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb
@@ -15,6 +15,9 @@ SRC_URI[archive.sha256sum] = "2749cc3c0cd7280b299518b1ddf5a5bcfe2d1100614519b687
 SRC_URI[patch.md5sum] = "997c764d3be11c9a51779d93facf1118"
 SRC_URI[patch.sha256sum] = "ac2ee23ec89ba2af51d2c6dd5b1b6bf9f8a9f813de251bc182941439a4053176"
+#patched: fix is included in debian patch
+CVE_CHECK_IGNORE += "CVE-2007-4460"
 inherit autotools
 # Unlike other Debian packages, id3lib*.diff.gz contains another series of
author	Peter Marko <peter.marko@siemens.com>	2025-10-27 15:15:54 +0100
committer	Gyorgy Sarvari <skandigraun@gmail.com>	2025-10-27 18:08:19 +0100
commit	6ca1fde08bd5cf58e147d42dc0e044191fb34d04 (patch)
tree	df12a7deff3dea6bbf87bf84024408fdbafacafd
parent	12a04da1b8e44b9a148cd023b2c68d5705282716 (diff)
download	meta-openembedded-6ca1fde08bd5cf58e147d42dc0e044191fb34d04.tar.gz

diff --git a/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb b/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb index a7d645f59f..20a03bdbe0 100644 --- a/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb +++ b/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb
@@ -15,6 +15,9 @@ SRC_URI[archive.sha256sum] = "2749cc3c0cd7280b299518b1ddf5a5bcfe2d1100614519b687
15	SRC_URI[patch.md5sum] = "997c764d3be11c9a51779d93facf1118"	15	SRC_URI[patch.md5sum] = "997c764d3be11c9a51779d93facf1118"
16	SRC_URI[patch.sha256sum] = "ac2ee23ec89ba2af51d2c6dd5b1b6bf9f8a9f813de251bc182941439a4053176"	16	SRC_URI[patch.sha256sum] = "ac2ee23ec89ba2af51d2c6dd5b1b6bf9f8a9f813de251bc182941439a4053176"
17		17
		18	#patched: fix is included in debian patch
		19	CVE_CHECK_IGNORE += "CVE-2007-4460"
		20
18	inherit autotools	21	inherit autotools
19		22
20	# Unlike other Debian packages, id3lib*.diff.gz contains another series of	23	# Unlike other Debian packages, id3lib*.diff.gz contains another series of