| Message ID | 20260413111552.1809426-1-hjadon@cisco.com |
|---|---|
| State | Changes Requested |
| Headers | show |
| Series | [master] acpid2: Add vendor to CVE_PRODUCT | expand |
On Mon, 2026-04-13 at 04:15 -0700, Himanshu Jadon -X (hjadon - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org wrote: > From: Himanshu Jadon <hjadon@cisco.com> > > Added `tedfelix` as a vendor to `CVE_PRODUCT` to align with the > product naming defined in the NVD CPE database for `acpid2`. > > Only a single CPE entry exists in the NVD for this product: > `cpe:2.3:a:tedfelix:acpid2` > > So far, only two CVEs have been reported against this CPE, confirming it > as the correct mapping for CVE reporting. > > Signed-off-by: Himanshu Jadon <hjadon@cisco.com> > --- > meta/recipes-bsp/acpid/acpid.inc | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/meta/recipes-bsp/acpid/acpid.inc b/meta/recipes-bsp/acpid/acpid.inc > index ba954563b6..0d32249a61 100644 > --- a/meta/recipes-bsp/acpid/acpid.inc > +++ b/meta/recipes-bsp/acpid/acpid.inc > @@ -17,7 +17,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${SOURCEFORGE_PROJECT}/acpid-${PV}.tar.xz \ > file://0001-Replace-stat64-with-stat.patch \ > " > > -CVE_PRODUCT = "acpid2" > +CVE_PRODUCT = "tedfelix:acpid2" I don't see any other invalid CPEs when I search for "acpid2" [1]. Why do we need to specify the vendor here? Are you seeing matches against other CPEs for acpid2? [1]: https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=acpid2 Best regards,
diff --git a/meta/recipes-bsp/acpid/acpid.inc b/meta/recipes-bsp/acpid/acpid.inc index ba954563b6..0d32249a61 100644 --- a/meta/recipes-bsp/acpid/acpid.inc +++ b/meta/recipes-bsp/acpid/acpid.inc @@ -17,7 +17,7 @@ SRC_URI = "${SOURCEFORGE_MIRROR}/${SOURCEFORGE_PROJECT}/acpid-${PV}.tar.xz \ file://0001-Replace-stat64-with-stat.patch \ " -CVE_PRODUCT = "acpid2" +CVE_PRODUCT = "tedfelix:acpid2" inherit autotools update-rc.d systemd sourceforge-releases