| Message ID | 20250115152909.2368573-1-madmarri@cisco.com |
|---|---|
| State | New |
| Headers | show |
| Series | [master] strace: add vendor to CVE_PRODUCT to exclude false positives | expand |
diff --git a/meta/recipes-devtools/strace/strace_6.12.bb b/meta/recipes-devtools/strace/strace_6.12.bb index c16e5dc478..0cbaead216 100644 --- a/meta/recipes-devtools/strace/strace_6.12.bb +++ b/meta/recipes-devtools/strace/strace_6.12.bb @@ -53,3 +53,6 @@ do_install_ptest() { RDEPENDS:${PN}-ptest += "make coreutils grep gawk sed locale-base-en-us" BBCLASSEXTEND = "native" + +# adding 'CVE_PRODUCT' to avoid false detection of CVEs +CVE_PRODUCT = "strace:strace"
- To avoid false positives such as CVE-2000-0006, add the CVE_PRODUCT value with the vendor. - The CVE-2000-0006 has the vendor paul_kranenburg:strace. - This change has been verified by running do_cve_check task for strace package. Signed-off-by: Madhu Marri <madmarri@cisco.com> --- meta/recipes-devtools/strace/strace_6.12.bb | 3 +++ 1 file changed, 3 insertions(+)