b072b1018e
Both openh264 2.6.0 and 2.5.1 contain the fix for this CVE (see the release notes at [1]). In other words the version we have is no longer vulnerable sincea7aeb5a46e("package/libopenh264: security bump to version 2.5.1") but pkg-stats still reports it. An email was sent to the NVD to fix the CPE version number, but in the meantime let's ignore it to reduce the noise in our CVE checker. [1]: https://github.com/cisco/openh264/releases/tag/2.5.1 Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be> Signed-off-by: Peter Korsgaard <peter@korsgaard.com> (cherry picked from commit2488d97719) Signed-off-by: Thomas Perale <thomas.perale@mind.be>