mirror of https://github.com/freedomofpress/dangerzone.git
(synced 2025-04-28 09:52:37 +02:00)

Our security scans no longer pick up some CVEs we have ignored in the past, so we can safely remove them now.
18 lines
724 B
YAML
# This configuration file will be used to track CVEs that we can ignore for the
# latest release of Dangerzone, and offer our analysis.

ignore:
  - vulnerability: CVE-2024-5535
  # CVE-2024-5171
  # =============
  #
  # NVD Entry: https://nvd.nist.gov/vuln/detail/CVE-2024-5171
  # Verdict: Dangerzone is not affected. The rationale is the following:
  #
  # The affected library, `libaom.so`, is linked by GStreamer's `libgstaom.so`
  # library. The vulnerable `aom_img_alloc` function is only used when
  # **encoding** a video to AV1. LibreOffice uses the **decode** path instead,
  # when generating thumbnails.
  #
  # See also: https://github.com/freedomofpress/dangerzone/issues/895
  - vulnerability: CVE-2024-5171