| Message ID | 20241121082901.2747720-3-benjamin.bouvier@ekinops.com |
|---|---|
| State | Under Review |
| Headers | show |
| Series | Add exact CPE name including vendor to several components. | expand |
I did not find any CVE for bridge-utils in our nvdcve_2-2.db. Based on what did you choose the vendor? I think that until there is a CVE where we can the base data from and also a conflicting CVE which would show this need, we should not limit the vendor string. And regarding the other patches, it would be great if the commit message Would contain description why it is needed (e.g. which vendor in existing CVEs you want to filter out). Peter > -----Original Message----- > From: openembedded-devel@lists.openembedded.org <openembedded- > devel@lists.openembedded.org> On Behalf Of Benjamin Bouvier via > lists.openembedded.org > Sent: Thursday, November 21, 2024 9:29 > To: openembedded-devel@lists.openembedded.org > Cc: Benjamin Bouvier <benjamin.bouvier@ekinops.com> > Subject: [oe] [meta-networking][PATCH 2/3] bridge-utils: add CVE_PRODUCT > > Add exact CPE name in CVE_PRODUCT. > > Signed-off-by: Benjamin Bouvier <benjamin.bouvier@ekinops.com> > --- > .../recipes-support/bridge-utils/bridge-utils_1.7.1.bb | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/meta-networking/recipes-support/bridge-utils/bridge- > utils_1.7.1.bb b/meta-networking/recipes-support/bridge-utils/bridge- > utils_1.7.1.bb > index cf0fc1c33..66c8f2d05 100644 > --- a/meta-networking/recipes-support/bridge-utils/bridge-utils_1.7.1.bb > +++ b/meta-networking/recipes-support/bridge-utils/bridge-utils_1.7.1.bb > @@ -19,6 +19,8 @@ S = "${WORKDIR}/git" > > DEPENDS = "sysfsutils" > > +CVE_PRODUCT = "kernel:bridge-utils" > + > inherit autotools-brokensep update-alternatives > > ALTERNATIVE:${PN} = "brctl" > -- > 2.34.1
diff --git a/meta-networking/recipes-support/bridge-utils/bridge-utils_1.7.1.bb b/meta-networking/recipes-support/bridge-utils/bridge-utils_1.7.1.bb index cf0fc1c33..66c8f2d05 100644 --- a/meta-networking/recipes-support/bridge-utils/bridge-utils_1.7.1.bb +++ b/meta-networking/recipes-support/bridge-utils/bridge-utils_1.7.1.bb @@ -19,6 +19,8 @@ S = "${WORKDIR}/git" DEPENDS = "sysfsutils" +CVE_PRODUCT = "kernel:bridge-utils" + inherit autotools-brokensep update-alternatives ALTERNATIVE:${PN} = "brctl"
Add exact CPE name in CVE_PRODUCT. Signed-off-by: Benjamin Bouvier <benjamin.bouvier@ekinops.com> --- .../recipes-support/bridge-utils/bridge-utils_1.7.1.bb | 2 ++ 1 file changed, 2 insertions(+)