| Message ID | 20191104142654.20440-3-ross.burton@intel.com |
|---|---|
| State | Accepted |
| Commit | 2c2f70f0f364474e2d9c7d7e5480e80c77e5dea4 |
| Headers | show
Delivered-To: patch@linaro.org Received: by 2002:a92:38d5:0:0:0:0:0 with SMTP id g82csp1554684ilf; Mon, 4 Nov 2019 06:27:14 -0800 (PST) X-Google-Smtp-Source: APXvYqzPs8zgx2cEhCJd/tmAgfMNJUMnhOBf9Uk0tmw0S38sL5zwdeaHi6OIueoRI72phzT4vz9e X-Received: by 2002:a63:ff46:: with SMTP id s6mr30488941pgk.337.1572877634776; Mon, 04 Nov 2019 06:27:14 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1572877634; cv=none; d=google.com; s=arc-20160816; b=S2AzzemKdYoGZlqvfnIqry7DAxKz846Hwgt6a1w2B7/wSXo5yaGVp2ZIrBFwAnqGgW VQbu2YyNQvAgNqA13OPerWn+XDm6YjaKwDQwOHPPxAW3y8AyrwpGax7F96ybj7T8SRtE FhlABJIJ8tGIvQBsTD3XPswTYNr+/F0wgLQAl+m65vDXaoKSYenvP7ktMr8F9BguLuEC LE2/2+0/7ON8eYGx3tKQB4JyTm/wCSL74NGA+HFzT8IymnE4CG7J4iQB6yGMuJDBqxo2 BJBfN3tpvf2hMSgFmfPVjsmSbVoDDSSQRqUXQFbeiGnYqEDYl9FC8k43YeFAZ66W19Xo y+Xg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=errors-to:sender:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:delivered-to; bh=lRBcxdoKS4r8OXKwnUa3t76flaqk0Tq3maBZf1FHyLU=; b=RsTzKeUq74u8fjhTqF0hHucbv0eTdUSPP3V68IAk7IPr/UI0IlKOToaioSDxU8Rjwy p2Kz05bhtQdRGpA4Q9kgaViP3Bs6WmjQfDQ62qcmGMqmDmrqnYYvFuQ3s6wuRQ+bK/3b l+aje3PzkIHuBSAPtWg2rEMlepRQcmNNUo+bT3/I46T+EC7x3IB3+3KDZomcEf/Eyona yfjZiIe3Zprx34TrlSRdMMYGVgzDr1iz0IAB2Q9Po/43Birg0q1UMgSU+rKohZWboTfs /FVq7YaeaYfuvl93Qf2yPM3IZ6PT5enTKYtF6SjNF2GCKJNllKPKuQ9EWeoVdBWOUvxa GIYQ== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=Z+6lZQP3; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Return-Path: <openembedded-core-bounces@lists.openembedded.org> Received: from mail.openembedded.org (mail.openembedded.org. [140.211.169.62]) by mx.google.com with ESMTP id s24si13556459plr.309.2019.11.04.06.27.14; Mon, 04 Nov 2019 06:27:14 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@intel-com.20150623.gappssmtp.com header.s=20150623 header.b=Z+6lZQP3; spf=pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) smtp.mailfrom=openembedded-core-bounces@lists.openembedded.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=intel.com Received: from ec2-34-214-78-129.us-west-2.compute.amazonaws.com (localhost [127.0.0.1]) by mail.openembedded.org (Postfix) with ESMTP id 1CFF57F8E5; Mon, 4 Nov 2019 14:27:04 +0000 (UTC) X-Original-To: openembedded-core@lists.openembedded.org Delivered-To: openembedded-core@lists.openembedded.org Received: from mail-wr1-f48.google.com (mail-wr1-f48.google.com [209.85.221.48]) by mail.openembedded.org (Postfix) with ESMTP id F10527F8BD for <openembedded-core@lists.openembedded.org>; Mon, 4 Nov 2019 14:26:59 +0000 (UTC) Received: by mail-wr1-f48.google.com with SMTP id b3so11545539wrs.13 for <openembedded-core@lists.openembedded.org>; Mon, 04 Nov 2019 06:27:01 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=intel-com.20150623.gappssmtp.com; s=20150623; h=from:to:subject:date:message-id:in-reply-to:references:mime-version :content-transfer-encoding; bh=c4QlwE9lZiA21lPqHcAyFAqKUF0TlKtsbyRAav+RBnQ=; b=Z+6lZQP3lFEJNfh/ETD6+UUrkDeUHgQ2b02GFTHSKqj8fnf0nLtH0QQRDvSDqvV/HE icj8BdLyWzINacwriw0vjoHsYw0IRslJS4w3jkTSOc6B79w2QfenpMDfaZ3WlcqWRyGW 0rsozEWPuF163o+tRWS19OU4olh9rm33/IxPX2Bcyqdv9GaW17CwWYk7FDPsaOer84tI PDrT0rEIL5UUBLg6I4Sq1Oh8/aOn6Txy+gAXTLbenQEhftvq4LvB3A3mHo6YjotehIH8 ogdMnrk8a/cfy73wrQMFFDNjkAo/mmGWQvnc3PszoeBg4zFFv4cKRafbNWn5r629ByX2 /tIQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:subject:date:message-id:in-reply-to :references:mime-version:content-transfer-encoding; bh=c4QlwE9lZiA21lPqHcAyFAqKUF0TlKtsbyRAav+RBnQ=; b=hz2dY5KOLx04w1nSrKB5bWfgxi/oUn2YPg6b0A2I5cdrftorKnDS+7svyy3c8M1gKL EFcKb+vmvakUmUQif2bDgwTBOFu4xVNi3J6/0xZb9lxuMT3f0y327HGEv8ROvoirF2YT l8KKnXTK239cWVirEETKgdaMLwVl+fg6wp7/1DrmGHCHl3tfwmQxY80uS6AId4+QDEfo l7jN1ZT+XTc0OW7ReaxtPcc+ricrArkBpnP079UDBvDcgT8lHKQsa2wntaO7byjd5OJW 22OXuuuxR7Dw/Oy7UMOIsu729xoa4dMaRERMotJkqW6zFwiB0fNGJu8pRSfLL83Sx/Zh eZeg== X-Gm-Message-State: APjAAAWXhUX8r/U4gU5/0Us15UhR+t6MstEiiwVGbPzWmTSZQkVoySDk xJTimliGPBcchF9I7lcIQx4mnpztVss= X-Received: by 2002:a5d:4e89:: with SMTP id e9mr10474647wru.342.1572877620515; Mon, 04 Nov 2019 06:27:00 -0800 (PST) Received: from flashheart.burtonini.com (35.106.2.81.in-addr.arpa. [81.2.106.35]) by smtp.gmail.com with ESMTPSA id d4sm26873251wrc.54.2019.11.04.06.26.59 for <openembedded-core@lists.openembedded.org> (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 04 Nov 2019 06:27:00 -0800 (PST) From: Ross Burton <ross.burton@intel.com> To: openembedded-core@lists.openembedded.org Date: Mon, 4 Nov 2019 14:26:54 +0000 Message-Id: <20191104142654.20440-3-ross.burton@intel.com> X-Mailer: git-send-email 2.20.1 In-Reply-To: <20191104142654.20440-1-ross.burton@intel.com> References: <20191104142654.20440-1-ross.burton@intel.com> MIME-Version: 1.0 Subject: [OE-core] [PATCH v2 3/3] libsndfile1: whitelist CVE-2018-13419 X-BeenThere: openembedded-core@lists.openembedded.org X-Mailman-Version: 2.1.12 Precedence: list List-Id: Patches and discussions about the oe-core layer <openembedded-core.lists.openembedded.org> List-Unsubscribe: <http://lists.openembedded.org/mailman/options/openembedded-core>, <mailto:openembedded-core-request@lists.openembedded.org?subject=unsubscribe> List-Archive: <http://lists.openembedded.org/pipermail/openembedded-core/> List-Post: <mailto:openembedded-core@lists.openembedded.org> List-Help: <mailto:openembedded-core-request@lists.openembedded.org?subject=help> List-Subscribe: <http://lists.openembedded.org/mailman/listinfo/openembedded-core>, <mailto:openembedded-core-request@lists.openembedded.org?subject=subscribe> Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org |
| Series |
[v2,1/3] libpng: whitelist CVE-2019-17371
|
expand
|
diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb index ffb45855a4b..7855008f3d8 100644 --- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb +++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb @@ -33,3 +33,7 @@ PACKAGECONFIG[alsa] = "--enable-alsa,--disable-alsa,alsa-lib" PACKAGECONFIG[regtest] = "--enable-sqlite,--disable-sqlite,sqlite3" inherit autotools lib_package pkgconfig + +# This can't be replicated and is just a memory leak. +# https://github.com/erikd/libsndfile/issues/398 +CVE_CHECK_WHITELIST += "CVE-2018-13419"
This is a memory leak that nobody else can replicate and has been rejected by upstream. Signed-off-by: Ross Burton <ross.burton@intel.com> --- meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb | 4 ++++ 1 file changed, 4 insertions(+) -- 2.20.1 -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core