helium-3rd-party/meta-openembedded
1
0
Fork 0
mirror of git://git.openembedded.org/meta-openembedded synced 2026-04-02 02:49:12 +00:00
Code Issues Packages Projects Releases Wiki Activity

sox: mark CVEs included in hash update as fixed

Browse Source 
git log sox-14.4.2..HEAD | grep -o 'CVE-[0-9-]*' | sort -u
CVE-2017-11332
CVE-2017-11358
CVE-2017-11359
CVE-2017-15370
CVE-2017-15371
CVE-2017-15372
CVE-2017-15642
CVE-2017-18189
CVE-2019-13590
CVE-2019-8354
CVE-2019-8355
CVE-2019-8356
CVE-2019-8357

Following remaining CVEs are handled in commits:
CVE-2019-1010004
- NVD: https://nvd.nist.gov/vuln/detail/CVE-2019-1010004
- report: https://sourceforge.net/p/sox/bugs/299/
- patch: 09d7388c8a/
- same commit as CVE-2017-18189 as mentioned in NVD and bugreport texts
- https://security-tracker.debian.org/tracker/CVE-2019-1010004 links it
- it's only commit in src/xa.c in last 15 years

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
This commit is contained in:
Peter Marko 2025-03-16 23:53:50 +01:00 committed by Khem Raj
parent 0ae4736226
commit afb0d8d2c6
No known key found for this signature in database
GPG Key ID: BB053355919D3314
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
meta-multimedia/recipes-multimedia/sox/sox_14.4.2.bb
View File

@ -38,6 +38,14 @@ S = "${WORKDIR}/git"
CVE_PRODUCT:append = " libsox_project:libsox sound_exchange_project:sound_exchange"
CVE_STATUS_GROUPS += "CVE_STATUS_HASH_UPDATE"
CVE_STATUS_HASH_UPDATE = " \
CVE-2017-11332 CVE-2017-11358 CVE-2017-11359 CVE-2017-15370 CVE-2017-15371 \
CVE-2017-15372 CVE-2017-15642 CVE-2017-18189 CVE-2019-13590 CVE-2019-8354 \
CVE-2019-8355 CVE-2019-8356 CVE-2019-8357 CVE-2019-1010004 \
"
CVE_STATUS_HASH_UPDATE[status] = "fixed-version: patched in current git hash"
inherit autotools pkgconfig
# Enable largefile support