[Buildroot] [PATCH 1/1] package/libopenh264: ignore CVE-2025-27091
Peter Korsgaard
peter at korsgaard.com
Mon Apr 14 19:41:53 UTC 2025
>>>>> "Raphaël" == Raphaël Mélotte <raphael.melotte at mind.be> writes:
> Both openh264 2.6.0 and 2.5.1 contain the fix for this CVE (see the
> release notes at [1]).
> In other words the version we have is no longer vulnerable since
> a7aeb5a46eaaf8a39560c8664593018cf253835a ("package/libopenh264:
> security bump to version 2.5.1") but pkg-stats still reports it.
> An email was sent to the NVD to fix the CPE version number, but in the
> meantime let's ignore it to reduce the noise in our CVE checker.
> [1]: https://github.com/cisco/openh264/releases/tag/2.5.1
> Signed-off-by: Raphaël Mélotte <raphael.melotte at mind.be>
Committed, thanks.
--
Bye, Peter Korsgaard