24abd61c54
Details: https://nvd.nist.gov/vuln/detail/CVE-2024-51442 The description of the vulnerability says "attacker [...] execute arbitrary OS commands via a specially crafted minidlna.conf configuration file". There is no official fix for this CVE, and upstream seems to be inactive for the past 3 years. The reason for ignoring this CVE is that the referenced minidlna.conf file is in the /etc folder, and the file is not world-writable. Which means that this vulnerability can be exploited only when someone is root - but if the attacker is already root, they don't need to resort to minidlna config-file modifications to execute any command they want. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
This layer depends on:
URI: git://git.openembedded.org/openembedded-core branch: master
URI: git://git.openembedded.org/meta-openembedded layers: meta-oe branch: master
Send pull requests to openembedded-devel@lists.openembedded.org with '[meta-multimedia]' in the subject
When sending single patches, please use something like: git send-email -M -1 --to openembedded-devel@lists.openembedded.org --subject-prefix='meta-multimedia][PATCH'
You are encouraged to fork the mirror on github https://github.com/openembedded/meta-openembedded to share your patches, this is preferred for patch sets consisting of more than one patch. Other services like GitLab, repo.or.cz or self hosted setups are of course accepted as well, 'git fetch ' works the same on all of them. We recommend github because it is free, easy to use, has been proven to be reliable and has a really good web GUI.
Layer maintainer: Khem Raj raj.khem@gmail.com