mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-06-21 13:54:22 +02:00
Code Issues Packages Projects Releases Wiki Activity
76,024 Commits 38 Branches 625 Tags
fb0a4eb7a8aa94deffd46c4611175dee4ffe2d07
Commit Graph

6 Commits

Author SHA1 Message Date
Peter Marko
e254ea69aa ffmpeg: set status for CVE-2025-12343 
Per [1] is patch for this CVE [2].
This is equivalent of [3] which is included in n6.1.3.

[1] https://security-tracker.debian.org/tracker/CVE-2025-12343
[2] b8d5f65b9e
[3] 6250ed77a6

(From OE-Core rev: b839647eb0627598a9e1667d18802b6b03637abf)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2026-03-16 10:22:06 +00:00
Peter Marko
ab4bfcb9d5 ffmpeg: set status for CVE-2025-10256 
Per [1] is patch for this CVE [2].
This is equivalent of [3] which is included in n6.1.3.

[1] https://nvd.nist.gov/vuln/detail/CVE-2025-10256
[2] a25462482c
[3] 00b5af29a4

(From OE-Core rev: 8a24195c27d440fa851da555f1147230564674b0)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2026-03-16 10:22:06 +00:00
Peter Marko
74492c96b7 ffmpeg: set status of CVE-2025-25468 
This vulnerability was introduced in v8.0.
This can be seen by blaming fix [1] (linked from NVD report [3]) is
showing that the return without freeing memory was introduced in [2].

[1] d5873be583
[2] d38fc25519
[3] https://nvd.nist.gov/vuln/detail/CVE-2025-25468

(From OE-Core rev: 2915986318230846e1b513b4cf3d9ba62a5b8cb9)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2026-02-27 17:45:07 +00:00
Peter Marko
d3ad12659a ffmpeg: ignore CVE-2025-1594 
This CVE was patched via c9a15206bae7f1e85dc3b8812eabb936a7e6d383

Patch was dropped during update to 6.1.4, however NVD DB does not have
this information so it re-appeared in CVE reports.

Set its status accordingly.

(From OE-Core rev: 26e32dccade107101992dd81f387696c993d47aa)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2026-02-27 17:45:07 +00:00
Ankur Tyagi
b617f833e5 ffmpeg: ignore CVE-2025-25469 
Details https://nvd.nist.gov/vuln/detail/CVE-2025-25469

This vulnerability exists in IAMF (Immersive Audio Model and Formats demuxer)
which was introduced in version 7.0 [1]

$ git tag --contains 4ee05182b7cccfa6928dcb0a45c2b50b7d9ea39b
n7.0
n7.0.1
n7.0.2
n7.0.3
n7.1
n7.1-dev
n7.1.1
n7.1.2
n7.1.3
n7.2-dev
n8.0
n8.0.1
n8.1-dev

[1] 4ee05182b7

(From OE-Core rev: 935bd46fab333a29a8bf4bb511fb55d5d02b3a71)

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2026-02-16 09:52:35 +00:00
Ankur Tyagi
b8600b66e4 ffmpeg: upgrade 6.1.3 -> 6.1.4 
Dropped patches that are part of the upstream version.

Changelog:
34277e12e8:/Changelog

(From OE-Core rev: f9f054faca45a08507b510c8982f170edd6bf83a)

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
 2026-02-16 09:52:35 +00:00