mirror of
https://git.yoctoproject.org/poky
synced 2026-03-29 23:02:20 +02:00
ebab982e97
CVE-2023-39018 belongs to ffmpeg-cli-wrapper (Java wrapper around the FFmpeg CLI) and not ffmpeg itself. As per CVE description, it is mentioned as FFmpeg 0.7.0 which is the version for ffmpeg-cli-wrapper and ffmpeg don't have 0.7.0 version at all. Debian & Bugzilla trackers have already marked as NOT-FOR-US/RESOLVED-INVALID. As it won't be affecting the ffmpeg package so, we can ignore the CVE-2023-39018 in ffmpeg recipe. References: https://github.com/bramp/ffmpeg-cli-wrapper https://github.com/FFmpeg/FFmpeg https://security-tracker.debian.org/tracker/CVE-2023-39018 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2023-39018 Upstream master patch: https://git.openembedded.org/openembedded-core/commit/?id=c21ed498b423c13463a4ae0bb475883cc7901847 (From OE-Core rev: d1c087713add2d780b4978b9d7ec33d514d68cd4) Signed-off-by: Narpat Mali <narpat.mali@windriver.com> Signed-off-by: Steve Sakoman <steve@sakoman.com>