From: Peter Marko <[email protected]>

This is fixed in id3lib3.8.3_3.8.3-16.2.debian.tar.xz patch included in SRC_URI. Version 3.8.3-7 contains patch for this CVE, we use 3.8.3-16.2. This can be verified by checking the debian/changelog within this patch or diffing [1] and [2] and verifying that this can be reverse-applied.
[1] https://snapshot.debian.org/archive/debian/20070819T000000Z/pool/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-6.diff.gz [2] https://snapshot.debian.org/archive/debian/20070819T000000Z/pool/main/i/id3lib3.8.3/id3lib3.8.3_3.8.3-7.diff.gz Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 9fff0040f1694b09c6c68cf59615f42d801d62f5) Signed-off-by: Ankur Tyagi <[email protected]> --- meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb b/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb index 9e4b516aad..77cd96e91a 100644 --- a/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb +++ b/meta-oe/recipes-multimedia/id3lib/id3lib_3.8.3.bb @@ -14,6 +14,8 @@ SRC_URI[archive.sha256sum] = "2749cc3c0cd7280b299518b1ddf5a5bcfe2d1100614519b687 SRC_URI[patch.md5sum] = "3ea90c0aedfcb56a53ac760a94bacb9e" SRC_URI[patch.sha256sum] = "6170f085972fdeb5fd69e346860100416707bb0b9f3a73a17a64945dc8b7cfe1" +CVE_STATUS[CVE-2007-4460] = "patched: fix is included in debian patch" + inherit autotools # Unlike other Debian packages, id3lib*.diff.gz contains another series of
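Review bot: The reason string on the added CVE_STATUS[CVE-2007-4460] line, "fix is included in debian patch", does not say which Debian revision carries the fix, so the evidence lives only in the commit message. Consider naming it in the recipe, for example that the fix is in Debian 3.8.3-7 and the SRC_URI patch is 3.8.3-16.2, either in the status text or in a comment above the line. The status is also independent of the SRC_URI[patch.*] checksums just above it, so a short comment tying it to the Debian patch entry would prompt whoever changes that entry later to re-check the claim.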
