package/libopenh264: ignore CVE-2025-27091

Both openh264 2.6.0 and 2.5.1 contain the fix for this CVE (see the
release notes at [1]).

In other words the version we have is no longer vulnerable since
a7aeb5a46eaaf8a39560c8664593018cf253835a ("package/libopenh264:
security bump to version 2.5.1") but pkg-stats still reports it.

An email was sent to the NVD to fix the CPE version number, but in the
meantime let's ignore it to reduce the noise in our CVE checker.

[1]: https://github.com/cisco/openh264/releases/tag/2.5.1

Signed-off-by: Raphaël Mélotte <raphael.melotte@mind.be>
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
(cherry picked from commit 2488d97719535a00797bef01caad7f449954c725)
Signed-off-by: Thomas Perale <thomas.perale@mind.be>

package/libopenh264/libopenh264.mk

@@ -12,6 +12,9 @@ LIBOPENH264_CPE_ID_VENDOR = cisco
 LIBOPENH264_CPE_ID_PRODUCT = openh264
 LIBOPENH264_INSTALL_STAGING = YES
 
+# The following CVE is fixed in 2.5.1, the NVD CPE is not up to date
+LIBOPENH264_IGNORE_CVES += CVE-2025-27091
+
 ifeq ($(BR2_aarch64),y)
 LIBOPENH264_ARCH = aarch64
 else ifeq ($(BR2_arm)$(BR2_armeb),y)