ffmpeg: Ignore two CVEs fixed in 5.0.3

These two CVEs were fixed via the 5.0.3 release, and the
backported patches that fixed them were subsequently left
behind (although not deleted) by dadb16481810 ("ffmpeg:
upgrade 5.0.1 -> 5.0.3")

* CVE-2022-3109: An issue was discovered in the FFmpeg
  package, where vp3_decode_frame in libavcodec/vp3.c lacks
  check of the return value of av_malloc() and will cause a
  null pointer dereference, impacting availability.

* CVE-2022-3341: A null pointer dereference issue was
  discovered in 'FFmpeg' in decode_main_header() function of
  libavformat/nutdec.c file. The flaw occurs because the
  function lacks check of the return value of
  avformat_new_stream() and triggers the null pointer
  dereference error, causing an application to crash.

`bitbake ffmpeg` reports these two as "Unpatched".

Ignore them for now, until the NVD updates the versions where
these do not affect anymore.

(From OE-Core rev: 78aef4b1002c515aa2c1a64fea5bb013c9bc86a8)

Signed-off-by: Daniel Díaz <daniel.diaz@sonos.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>

meta/recipes-multimedia/ffmpeg/ffmpeg_5.0.3.bb

@@ -90,6 +90,12 @@ CVE_CHECK_IGNORE += "CVE-2025-1373"
 # bugfix: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/3bc28e9d1ab33627cea3c632dd6b0c33e22e93ba
 CVE_CHECK_IGNORE += "CVE-2022-48434"
 
+# These two vulnerabilities were fixed in 5.0.3
+# bugfix: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/2cdddcd6ec90c7a248ffe792d85faa4d89eab9f7
+CVE_CHECK_IGNORE += "CVE-2022-3109"
+# bugfix: https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/481e81be1271ac9a0124ee615700390c2371bd89
+CVE_CHECK_IGNORE += "CVE-2022-3341"
+
 # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
 ARM_INSTRUCTION_SET:armv4 = "arm"
 ARM_INSTRUCTION_SET:armv5 = "arm"