MIRRORS/meta-openembedded
1
0
Fork 0
mirror of https://github.com/openembedded/meta-openembedded.git synced 2025-12-14 22:35:25 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

libao: ignore CVE-2017-11548

Browse Source 
Both Suse[1] and Debian[2] disputes that this is a vulnerability in libao.
Based on their investigation while an issue exists, it is not in libao, however
higher in the audio-toolchain, most likely in libmad or mpg321. There seem to
be nothing to be fixed about this in libao - ignore this CVE due to this.

[1]: https://bugzilla.suse.com/show_bug.cgi?id=1081767
[2]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=870608

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Gyorgy Sarvari 2025-11-23 19:47:08 +01:00 committed by Khem Raj
parent 53db086b35
commit a993eb8b93
No known key found for this signature in database
GPG Key ID: BB053355919D3314
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
meta-multimedia/recipes-multimedia/libao/libao_1.2.0.bb
View File

@ -31,3 +31,5 @@ PACKAGECONFIG ?= "${@bb.utils.filter('DISTRO_FEATURES', 'alsa pulseaudio', d)}"
PACKAGECONFIG[alsa] = "--enable-alsa,--disable-alsa,alsa-lib"
PACKAGECONFIG[pulseaudio] = "--enable-pulse,--disable-pulse,pulseaudio"
FILES:${BPN}-ckport = "${libdir}/ckport"
CVE_STATUS[CVE-2017-11548] = "disputed: the referenced vulnerability is not in libao"