libao: ignore CVE-2017-11548

Both Suse[1] and Debian[2] disputes that this is a vulnerability in libao. Based on their investigation while an issue exists, it is not in libao, however higher in the audio-toolchain, most likely in libmad or mpg321. There seem to be nothing to be fixed about this in libao - ignore this CVE due to this. [1]: https://bugzilla.suse.com/show_bug.cgi?id=1081767 [2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870608 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com> (cherry picked from commit a993eb8b93f16e3a16c9a1ab2eb0939cb2331593) Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
author: Gyorgy Sarvari <skandigraun@gmail.com> 2025-11-23 19:47:08 +0100
committer: Anuj Mittal <anuj.mittal@oss.qualcomm.com> 2025-12-17 13:57:07 +0530
commit: ed5715bcc74637a4eae7a5b4b7626dbb8785ef01 (patch)
tree: 87bdcc73cd5700236163eec51cece1b5dd3f55a2
parent: 9aeb214c5147d6b9923562da48b9eb6f3d825ae1 (diff)
download: meta-openembedded-ed5715bcc74637a4eae7a5b4b7626dbb8785ef01.tar.gz
1 files changed, 2 insertions, 0 deletions
diff --git a/meta-multimedia/recipes-multimedia/libao/libao_1.2.0.bb b/meta-multimedia/recipes-multimedia/libao/libao_1.2.0.bb
index 233b890711..42c0934b2e 100644
--- a/meta-multimedia/recipes-multimedia/libao/libao_1.2.0.bb
+++ b/meta-multimedia/recipes-multimedia/libao/libao_1.2.0.bb
@@ -31,3 +31,5 @@ PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'alsa pulseaudio', d)}"
 PACKAGECONFIG[alsa] = "--enable-alsa,--disable-alsa,alsa-lib"
 PACKAGECONFIG[pulseaudio] = "--enable-pulse,--disable-pulse,pulseaudio"
 FILES:${BPN}-ckport = "${libdir}/ckport"
+CVE_STATUS[CVE-2017-11548] = "disputed: the referenced vulnerability is not in libao"
author	Gyorgy Sarvari <skandigraun@gmail.com>	2025-11-23 19:47:08 +0100
committer	Anuj Mittal <anuj.mittal@oss.qualcomm.com>	2025-12-17 13:57:07 +0530
commit	ed5715bcc74637a4eae7a5b4b7626dbb8785ef01 (patch)
tree	87bdcc73cd5700236163eec51cece1b5dd3f55a2
parent	9aeb214c5147d6b9923562da48b9eb6f3d825ae1 (diff)
download	meta-openembedded-ed5715bcc74637a4eae7a5b4b7626dbb8785ef01.tar.gz

diff --git a/meta-multimedia/recipes-multimedia/libao/libao_1.2.0.bb b/meta-multimedia/recipes-multimedia/libao/libao_1.2.0.bb index 233b890711..42c0934b2e 100644 --- a/meta-multimedia/recipes-multimedia/libao/libao_1.2.0.bb +++ b/meta-multimedia/recipes-multimedia/libao/libao_1.2.0.bb
@@ -31,3 +31,5 @@ PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'alsa pulseaudio', d)}"
31	PACKAGECONFIG[alsa] = "--enable-alsa,--disable-alsa,alsa-lib"	31	PACKAGECONFIG[alsa] = "--enable-alsa,--disable-alsa,alsa-lib"
32	PACKAGECONFIG[pulseaudio] = "--enable-pulse,--disable-pulse,pulseaudio"	32	PACKAGECONFIG[pulseaudio] = "--enable-pulse,--disable-pulse,pulseaudio"
33	FILES:${BPN}-ckport = "${libdir}/ckport"	33	FILES:${BPN}-ckport = "${libdir}/ckport"
		34
		35	CVE_STATUS[CVE-2017-11548] = "disputed: the referenced vulnerability is not in libao"