[OE-core][scarthgap][PATCH 2/3] ffmpeg: ignore CVE-2025-25469

public inbox for openembedded-core@lists.openembedded.org
 help / color / mirror / Atom feed

From: ankur.tyagi85@gmail.com
To: openembedded-core@lists.openembedded.org
Cc: Ankur Tyagi <ankur.tyagi85@gmail.com>
Subject: [OE-core][scarthgap][PATCH 2/3] ffmpeg: ignore CVE-2025-25469
Date: Mon,  2 Feb 2026 17:08:04 +1300	[thread overview]
Message-ID: <20260202040805.596021-2-ankur.tyagi85@gmail.com> (raw)
In-Reply-To: <20260202040805.596021-1-ankur.tyagi85@gmail.com>

From: Ankur Tyagi <ankur.tyagi85@gmail.com>

Details https://nvd.nist.gov/vuln/detail/CVE-2025-25469

This vulnerability exists in IAMF (Immersive Audio Model and Formats demuxer)
which was introduced in version 7.0 [1]

$ git tag --contains 4ee05182b7cccfa6928dcb0a45c2b50b7d9ea39b
n7.0
n7.0.1
n7.0.2
n7.0.3
n7.1
n7.1-dev
n7.1.1
n7.1.2
n7.1.3
n7.2-dev
n8.0
n8.0.1
n8.1-dev

[1] https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/4ee05182b7cccfa6928dcb0a45c2b50b7d9ea39b

Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
---
 meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb
index 8b0b7cfd6e..c1536015d9 100644
--- a/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb
+++ b/meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb
@@ -51,6 +51,8 @@ CVE_STATUS_GROUPS += "CVE_STATUS_FIXED_61x"
 CVE_STATUS_FIXED_61x = "CVE-2023-49502 CVE-2023-50007 CVE-2023-50008 CVE-2023-50009 CVE-2023-50010 CVE-2024-31578 CVE-2024-31582 CVE-2024-31585"
 CVE_STATUS_FIXED_61x[status] = "cpe-incorrect:these CVEs are fixed in 6.1.x"
 
+CVE_STATUS[CVE-2025-25469] = "cpe-incorrect: Current version (6.1.4) is not impacted."
+
 # Build fails when thumb is enabled: https://bugzilla.yoctoproject.org/show_bug.cgi?id=7717
 ARM_INSTRUCTION_SET:armv4 = "arm"
 ARM_INSTRUCTION_SET:armv5 = "arm"

next prev parent reply	other threads:[~2026-02-02  4:08 UTC|newest]

Thread overview: 9+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2026-02-02  4:08 [OE-core][scarthgap][PATCH 1/3] ffmpeg: upgrade 6.1.3 -> 6.1.4 ankur.tyagi85
2026-02-02  4:08 ` ankur.tyagi85 [this message]
2026-02-05 15:10   ` [OE-core][scarthgap][PATCH 2/3] ffmpeg: ignore CVE-2025-25469 Yoann Congal
2026-02-05 15:17     ` Yoann Congal
2026-02-05 22:16       ` Ankur Tyagi
2026-02-02  4:08 ` [OE-core][scarthgap][PATCH 3/3] vim: ignore CVE-2025-66476 ankur.tyagi85
2026-02-05  9:59   ` Yoann Congal
2026-02-16 10:10     ` [scarthgap][PATCH " Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-16 10:46       ` [OE-core] " Yoann Congal

find likely ancestor, descendant, or conflicting patches for this message:
( dfblob:8b0b7cfd6 dfblob:c1536015d )
 OR (
bs:"[OE-core][scarthgap][PATCH 2/3] ffmpeg: ignore CVE-2025-25469" )
	(help)

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20260202040805.596021-2-ankur.tyagi85@gmail.com \
    --to=ankur.tyagi85@gmail.com \
    --cc=openembedded-core@lists.openembedded.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox