From: "Yoann Congal" <yoann.congal@smile.fr>
To: "Yoann Congal" <yoann.congal@smile.fr>, <ankur.tyagi85@gmail.com>,
<openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core][scarthgap][PATCH 2/3] ffmpeg: ignore CVE-2025-25469
Date: Thu, 05 Feb 2026 16:17:10 +0100 [thread overview]
Message-ID: <DG74M83PX9AC.3S1J2YE0AX38T@smile.fr> (raw)
In-Reply-To: <DG74H88QW53S.32HY2RYC20ZF5@smile.fr>
On Thu Feb 5, 2026 at 4:10 PM CET, Yoann Congal wrote:
> On Mon Feb 2, 2026 at 5:08 AM CET, Ankur Tyagi via lists.openembedded.org wrote:
>> From: Ankur Tyagi <ankur.tyagi85@gmail.com>
>>
>> Details https://nvd.nist.gov/vuln/detail/CVE-2025-25469
>>
>> This vulnerability exists in IAMF (Immersive Audio Model and Formats demuxer)
>> which was introduced in version 7.0 [1]
>>
>> $ git tag --contains 4ee05182b7cccfa6928dcb0a45c2b50b7d9ea39b
>> n7.0
>> n7.0.1
>> n7.0.2
>> n7.0.3
>> n7.1
>> n7.1-dev
>> n7.1.1
>> n7.1.2
>> n7.1.3
>> n7.2-dev
>> n8.0
>> n8.0.1
>> n8.1-dev
>>
>> [1] https://git.ffmpeg.org/gitweb/ffmpeg.git/commit/4ee05182b7cccfa6928dcb0a45c2b50b7d9ea39b
>>
>> Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
>> ---
>> meta/recipes-multimedia/ffmpeg/ffmpeg_6.1.4.bb | 2 ++
>> 1 file changed, 2 insertions(+)
>
> Hello,
>
> Thank you for the patch, I reviewed it and I'm OK with it.
A precision though, it matches master and whinlatter patches "ffmpeg: ignore 10 CVEs".
Your patch will have to wait that the master and whinlatter patches
merge. And that will be too late for 5.0.16.
>
> Can I ask you to contact NVD to try to get the CPE fixed?
>
> Thanks in advance,
>
> Regards,
--
Yoann Congal
Smile ECS
next prev parent reply other threads:[~2026-02-05 15:17 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-02 4:08 [OE-core][scarthgap][PATCH 1/3] ffmpeg: upgrade 6.1.3 -> 6.1.4 ankur.tyagi85
2026-02-02 4:08 ` [OE-core][scarthgap][PATCH 2/3] ffmpeg: ignore CVE-2025-25469 ankur.tyagi85
2026-02-05 15:10 ` Yoann Congal
2026-02-05 15:17 ` Yoann Congal [this message]
2026-02-05 22:16 ` Ankur Tyagi
2026-02-02 4:08 ` [OE-core][scarthgap][PATCH 3/3] vim: ignore CVE-2025-66476 ankur.tyagi85
2026-02-05 9:59 ` Yoann Congal
2026-02-16 10:10 ` [scarthgap][PATCH " Anil Dongare -X (adongare - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-16 10:46 ` [OE-core] " Yoann Congal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=DG74M83PX9AC.3S1J2YE0AX38T@smile.fr \
--to=yoann.congal@smile.fr \
--cc=ankur.tyagi85@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox