mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-03-09 16:59:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

libtheora: mark CVE-2024-56431 as not vulnerable yet

Browse Source 
CVE patch [1] aplies only on main branch which is base for 1.2.x.
Branch 1.1 has a different initial commit and does not contain
vulnerable code where the CVE patch applies.

Also Debian [2] marked 1.1 as not vulnerable.

[1] 5665f86b8f
[2] https://security-tracker.debian.org/tracker/CVE-2024-56431

(From OE-Core rev: 07f35d022b88ab4d297d0252f9909e252b7e4cfe)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Peter Marko
2026-02-20 18:40:37 +01:00
committed by Richard Purdie
parent d3ad12659a
commit 01a3d9d7ae
1 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb
View File

@@ -21,3 +21,5 @@ CVE_PRODUCT = "theora"
inherit autotools pkgconfig
EXTRA_OECONF = "--disable-examples"
CVE_STATUS[CVE-2024-56431] = "fixed-version:branch 1.1 is not affected, vulnerable code is not present yet"