CVE_STATUS is not yet supported in kirkstone, I'll submit a v2 shortly. Peter
> -----Original Message----- > From: [email protected] <openembedded- > [email protected]> On Behalf Of Peter Marko via > lists.openembedded.org > Sent: Monday, March 23, 2026 8:29 PM > To: [email protected] > Cc: Marko, Peter (FT D EU SK BFS1) <[email protected]> > Subject: [OE-core] [kirkstone][PATCH] libtheora: mark CVE-2024-56431 as not > vulnerable yet > > From: Peter Marko <[email protected]> > > CVE patch [1] aplies only on main branch which is base for 1.2.x. > Branch 1.1 has a different initial commit and does not contain > vulnerable code where the CVE patch applies. > > Also Debian [2] marked 1.1 as not vulnerable. > > [1] https://gitlab.xiph.org/xiph/theora/- > /commit/5665f86b8fd8345bb09469990e79221562ac204b > [2] https://security-tracker.debian.org/tracker/CVE-2024-56431 > > Signed-off-by: Peter Marko <[email protected]> > Signed-off-by: Yoann Congal <[email protected]> > Signed-off-by: Paul Barker <[email protected]> > > Picked from scarthgap commit 07f35d022b88ab4d297d0252f9909e252b7e4cfe > > Signed-off-by: Peter Marko <[email protected]> > --- > meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb > b/meta/recipes- > multimedia/libtheora/libtheora_1.1.1.bb > index ad0be85559b..7bb08a70162 100644 > --- a/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb > +++ b/meta/recipes-multimedia/libtheora/libtheora_1.1.1.bb > @@ -22,3 +22,5 @@ CVE_PRODUCT = "theora" > inherit autotools pkgconfig > > EXTRA_OECONF = "--disable-examples" > + > +CVE_STATUS[CVE-2024-56431] = "fixed-version:branch 1.1 is not affected, > vulnerable code is not present yet"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#233755): https://lists.openembedded.org/g/openembedded-core/message/233755 Mute This Topic: https://lists.openembedded.org/mt/118471626/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
