[4/9] ref-manual: add mention of vendor filtering to CVE_PRODUCT

Message ID e13a47686dd04eebf11850f01783e4b8e7d48b23.1650591341.git.paul.eggleton@linux.microsoft.com
State New
Series [1/9] migration-3.4: add missing entry on EXTRA_USERS_PARAMS

Commit Message

Paul Eggleton April 22, 2022, 1:40 a.m. UTC
From: Paul Eggleton <paul.eggleton@microsoft.com>

Mention the vendor filtering functionality - prompted by OE-Core
revision 45d1a0bea0c628f84a00d641a4d323491988106f.

Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com>
---
 documentation/ref-manual/variables.rst | 7 +++++++
 1 file changed, 7 insertions(+)

Patch

diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index 4df8165..0b8c44f 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -1485,6 +1485,13 @@  system and gives an overview of their function and contents.
 
          CVE_PRODUCT = "oracle_berkeley_db berkeley_db"
 
+      Sometimes the product name is not specific enough, for example
+      "tar" has been matching CVEs for the GNU ``tar`` package and also
+      the ``node-tar`` node.js extension. To avoid this problem, use the
+      vendor name as a prefix. The syntax for this is::
+
+         CVE_PRODUCT = "vendor:package"
+
    :term:`CVSDIR`
       The directory in which files checked out under the CVS system are
       stored.
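
Review bot: The syntax line `CVE_PRODUCT = "vendor:package"` says "package" where the variable name and the sentence introducing it ("the product name is not specific enough") say "product"; `vendor:product` would keep the terminology consistent within the entry. The new paragraph also does not say where the vendor string comes from, or whether a vendor-prefixed entry can be combined with unprefixed names in a space-separated list like the `oracle_berkeley_db berkeley_db` example directly above it; one sentence on each, plus the concrete value for the tar case it describes, would let a reader apply this without reading the OE-Core change. Minor style point: "node.js extension" would normally be written "Node.js".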