[zeus,07/31] libsndfile1: whitelist CVE-2018-13419

Message ID	541ec2f0590ab1f2c0667bf36df7c4c1bb0b6a25.1573658916.git.akuster808@gmail.com
State	New
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; From: Armin Kuster <akuster808@gmail.com> To: openembedded-core@lists.openembedded.org Date: Wed, 13 Nov 2019 07:31:49 -0800 Message-Id: <541ec2f0590ab1f2c0667bf36df7c4c1bb0b6a25.1573658916.git.akuster808@gmail.com> In-Reply-To: <cover.1573658915.git.akuster808@gmail.com> References: <cover.1573658915.git.akuster808@gmail.com> Subject: [OE-core] [zeus 07/31] libsndfile1: whitelist CVE-2018-13419 Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org
Series	None \| expand [zeus,05/31] libpng: whitelist CVE-2019-17371 [zeus,06/31] procps: whitelist CVE-2018-1121 [zeus,07/31] libsndfile1: whitelist CVE-2018-13419 [zeus,08/31] libpam: set CVE_PRODUCT [zeus,12/31] file: fix CVE-2019-18218 [zeus,13/31] file: run test suite when building natively [zeus,17/31] cve-check: ensure all known CVEs are in the report [zeus,18/31] qemu-helper-native: add missing option to getopt() call [zeus,19/31] qemu-helper-native: showing help shouldn't be an error [zeus,20/31] qemu-helper-native: pass compiler flags [zeus,23/31] cve-check: failure to parse versions should be more visible [zeus,25/31] recipeutils-test: use a small dependency in the dummy recipe [zeus,26/31] patch: the CVE-2019-13638 fix also handles CVE-2018-20969

Message ID

541ec2f0590ab1f2c0667bf36df7c4c1bb0b6a25.1573658916.git.akuster808@gmail.com

State

New

Headers

Received-SPF: pass (google.com: best guess record for domain of
	openembedded-core-bounces@lists.openembedded.org designates
	140.211.169.62 as permitted sender) client-ip=140.211.169.62; 
From: Armin Kuster <akuster808@gmail.com>
To: openembedded-core@lists.openembedded.org
Date: Wed, 13 Nov 2019 07:31:49 -0800
Message-Id: <541ec2f0590ab1f2c0667bf36df7c4c1bb0b6a25.1573658916.git.akuster808@gmail.com>
In-Reply-To: <cover.1573658915.git.akuster808@gmail.com>
References: <cover.1573658915.git.akuster808@gmail.com>
Subject: [OE-core] [zeus 07/31] libsndfile1: whitelist CVE-2018-13419
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: openembedded-core-bounces@lists.openembedded.org
Errors-To: openembedded-core-bounces@lists.openembedded.org

Series

None | expand

Commit Message

Armin Kuster Nov. 13, 2019, 3:31 p.m. UTC

From: Ross Burton <ross.burton@intel.com>


This is a memory leak that nobody else can replicate and has been rejected by
upstream.

Signed-off-by: Ross Burton <ross.burton@intel.com>

Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Signed-off-by: Adrian Bunk <bunk@stusta.de>

Signed-off-by: Anuj Mittal <anuj.mittal@intel.com>

---
 meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb | 4 ++++
 1 file changed, 4 insertions(+)

-- 
2.7.4

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index ffb4585..7855008 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -33,3 +33,7 @@  PACKAGECONFIG[alsa] = "--enable-alsa,--disable-alsa,alsa-lib"
 PACKAGECONFIG[regtest] = "--enable-sqlite,--disable-sqlite,sqlite3"
 
 inherit autotools lib_package pkgconfig
+
+# This can't be replicated and is just a memory leak.
+# https://github.com/erikd/libsndfile/issues/398
+CVE_CHECK_WHITELIST += "CVE-2018-13419"