From 1f70d339eb3d3f4897f3eef91ae86fd915cbfa8c Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Mon, 23 Feb 2026 20:18:43 +0100
Subject: [PATCH] minidlna: ignore CVE-2024-51442

Details: https://nvd.nist.gov/vuln/detail/CVE-2024-51442

The description of the vulnerability says "attacker [...] execute arbitrary
OS commands via a specially crafted minidlna.conf configuration file".

There is no official fix for this CVE, and upstream seems to be inactive
for the past 3 years.

The reason for ignoring this CVE is that the referenced minidlna.conf
file is in the /etc folder, and the file is not world-writable. Which
means that this vulnerability can be exploited only when someone is
root - but if the attacker is already root, they don't need to resort
to minidlna config-file modifications to execute any command they want.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta-multimedia/recipes-multimedia/minidlna/minidlna.inc | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-multimedia/recipes-multimedia/minidlna/minidlna.inc b/meta-multimedia/recipes-multimedia/minidlna/minidlna.inc
index cb2a1865e8..0dd297098c 100644
--- a/meta-multimedia/recipes-multimedia/minidlna/minidlna.inc
+++ b/meta-multimedia/recipes-multimedia/minidlna/minidlna.inc
@@ -43,3 +43,4 @@ SYSTEMD_SERVICE:${PN} = "minidlna.service"
 INITSCRIPT_NAME = "minidlna"
 INITSCRIPT_PARAMS = "defaults 90"
 
+CVE_STATUS[CVE-2024-51442] = "not-applicable-config: vulnerability requires root access"