[2/2] libsndfile1: whitelist CVE-2018-13419

Message ID	20191104135106.14625-2-ross.burton@intel.com
State	Superseded
Headers	show Delivered-To: patch@linaro.org Received-SPF: pass (google.com: best guess record for domain of openembedded-core-bounces@lists.openembedded.org designates 140.211.169.62 as permitted sender) client-ip=140.211.169.62; From: Ross Burton <ross.burton@intel.com> To: openembedded-core@lists.openembedded.org Date: Mon, 4 Nov 2019 13:51:06 +0000 Message-Id: <20191104135106.14625-2-ross.burton@intel.com> In-Reply-To: <20191104135106.14625-1-ross.burton@intel.com> References: <20191104135106.14625-1-ross.burton@intel.com> MIME-Version: 1.0 Subject: [OE-core] [PATCH 2/2] libsndfile1: whitelist CVE-2018-13419 Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: openembedded-core-bounces@lists.openembedded.org Errors-To: openembedded-core-bounces@lists.openembedded.org
Series	[1/2] procps: whitelist CVE-2018-1121 \| expand [1/2] procps: whitelist CVE-2018-1121 [2/2] libsndfile1: whitelist CVE-2018-13419

Message ID

20191104135106.14625-2-ross.burton@intel.com

State

Superseded

Headers

Received-SPF: pass (google.com: best guess record for domain of
	openembedded-core-bounces@lists.openembedded.org designates
	140.211.169.62 as permitted sender) client-ip=140.211.169.62; 
From: Ross Burton <ross.burton@intel.com>
To: openembedded-core@lists.openembedded.org
Date: Mon,  4 Nov 2019 13:51:06 +0000
Message-Id: <20191104135106.14625-2-ross.burton@intel.com>
In-Reply-To: <20191104135106.14625-1-ross.burton@intel.com>
References: <20191104135106.14625-1-ross.burton@intel.com>
MIME-Version: 1.0
Subject: [OE-core] [PATCH 2/2] libsndfile1: whitelist CVE-2018-13419
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: openembedded-core-bounces@lists.openembedded.org
Errors-To: openembedded-core-bounces@lists.openembedded.org

Series

[1/2] procps: whitelist CVE-2018-1121 | expand

Commit Message

Ross Burton Nov. 4, 2019, 1:51 p.m. UTC

This is a memory leak that nobody else can replicate and has been rejected by
upstream.

Signed-off-by: Ross Burton <ross.burton@intel.com>

---
 meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb | 4 ++++
 1 file changed, 4 insertions(+)

-- 
2.20.1

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

diff --git a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
index ffb45855a4b..0ba58399624 100644
--- a/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
+++ b/meta/recipes-multimedia/libsndfile/libsndfile1_1.0.28.bb
@@ -33,3 +33,7 @@  PACKAGECONFIG[alsa] = "--enable-alsa,--disable-alsa,alsa-lib"
 PACKAGECONFIG[regtest] = "--enable-sqlite,--disable-sqlite,sqlite3"
 
 inherit autotools lib_package pkgconfig
+
+# This can't be replicated and is just a memory leak.
+# https://github.com/erikd/libsndfile/issues/398
+CVE_CHECK_WHITELIST = "CVE-2018-13419"