diff options
| author | Peter Marko <peter.marko@siemens.com> | 2026-02-20 18:40:37 +0100 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2026-02-27 17:45:07 +0000 |
| commit | 01a3d9d7aefe3c5351be9bd73005d06d537a00f6 (patch) | |
| tree | 8e0442b4e81f9fa2b2daf8a0c0c283652d2340ac /meta | |
| parent | d3ad12659af3fcd61e3ec80d4b43d6a22bce22f8 (diff) | |
| download | poky-01a3d9d7aefe3c5351be9bd73005d06d537a00f6.tar.gz | |
libtheora: mark CVE-2024-56431 as not vulnerable yet
CVE patch [1] aplies only on main branch which is base for 1.2.x.
Branch 1.1 has a different initial commit and does not contain
vulnerable code where the CVE patch applies.
Also Debian [2] marked 1.1 as not vulnerable.
[1] https://gitlab.xiph.org/xiph/theora/-/commit/5665f86b8fd8345bb09469990e79221562ac204b
[2] https://security-tracker.debian.org/tracker/CVE-2024-56431
(From OE-Core rev: 07f35d022b88ab4d297d0252f9909e252b7e4cfe)
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
| -rw-r--r-- | meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb b/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb index 5e94bc2975..2cbc6696eb 100644 --- a/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb +++ b/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb | |||
| @@ -21,3 +21,5 @@ CVE_PRODUCT = "theora" | |||
| 21 | inherit autotools pkgconfig | 21 | inherit autotools pkgconfig |
| 22 | 22 | ||
| 23 | EXTRA_OECONF = "--disable-examples" | 23 | EXTRA_OECONF = "--disable-examples" |
| 24 | |||
| 25 | CVE_STATUS[CVE-2024-56431] = "fixed-version:branch 1.1 is not affected, vulnerable code is not present yet" | ||