diff options
| author | Gyorgy Sarvari <skandigraun@gmail.com> | 2025-11-23 19:47:08 +0100 |
|---|---|---|
| committer | Khem Raj <raj.khem@gmail.com> | 2025-11-23 17:58:13 -0800 |
| commit | a993eb8b93f16e3a16c9a1ab2eb0939cb2331593 (patch) | |
| tree | 7a9a6f2a6ccaa7924b2f772f590d8ceecd216f47 | |
| parent | 53db086b3504fe9e92b39e5a74fe0ec760f28ed2 (diff) | |
| download | meta-openembedded-a993eb8b93f16e3a16c9a1ab2eb0939cb2331593.tar.gz | |
libao: ignore CVE-2017-11548
Both Suse[1] and Debian[2] disputes that this is a vulnerability in libao.
Based on their investigation while an issue exists, it is not in libao, however
higher in the audio-toolchain, most likely in libmad or mpg321. There seem to
be nothing to be fixed about this in libao - ignore this CVE due to this.
[1]: https://bugzilla.suse.com/show_bug.cgi?id=1081767
[2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870608
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
| -rw-r--r-- | meta-multimedia/recipes-multimedia/libao/libao_1.2.0.bb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta-multimedia/recipes-multimedia/libao/libao_1.2.0.bb b/meta-multimedia/recipes-multimedia/libao/libao_1.2.0.bb index 233b890711..42c0934b2e 100644 --- a/meta-multimedia/recipes-multimedia/libao/libao_1.2.0.bb +++ b/meta-multimedia/recipes-multimedia/libao/libao_1.2.0.bb | |||
| @@ -31,3 +31,5 @@ PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'alsa pulseaudio', d)}" | |||
| 31 | PACKAGECONFIG[alsa] = "--enable-alsa,--disable-alsa,alsa-lib" | 31 | PACKAGECONFIG[alsa] = "--enable-alsa,--disable-alsa,alsa-lib" |
| 32 | PACKAGECONFIG[pulseaudio] = "--enable-pulse,--disable-pulse,pulseaudio" | 32 | PACKAGECONFIG[pulseaudio] = "--enable-pulse,--disable-pulse,pulseaudio" |
| 33 | FILES:${BPN}-ckport = "${libdir}/ckport" | 33 | FILES:${BPN}-ckport = "${libdir}/ckport" |
| 34 | |||
| 35 | CVE_STATUS[CVE-2017-11548] = "disputed: the referenced vulnerability is not in libao" | ||