mirror of
https://git.yoctoproject.org/poky
synced 2026-01-29 21:08:42 +01:00
081f4ecaed
CVE-2023-39018 belongs to ffmpeg-cli-wrapper (Java wrapper around the FFmpeg CLI) and not ffmpeg itself. As per CVE description, it is mentioned as FFmpeg 0.7.0 which is the version for ffmpeg-cli-wrapper and ffmpeg don't have 0.7.0 version at all. Debian & Bugzilla trackers have already marked as NOT-FOR-US/RESOLVED-INVALID. As it won't be affecting the ffmpeg package so, we can ignore the CVE-2023-39018 in ffmpeg recipe. References: https://github.com/bramp/ffmpeg-cli-wrapper https://github.com/FFmpeg/FFmpeg https://security-tracker.debian.org/tracker/CVE-2023-39018 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-39018 (From OE-Core rev: c21ed498b423c13463a4ae0bb475883cc7901847) Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>