diff mbox series

[v1] util-linux: Add vendor to CVE_PRODUCT to exclude false positives

Message ID 20260226125415.53196-1-hetpat@cisco.com
State New
Headers show
Series [v1] util-linux: Add vendor to CVE_PRODUCT to exclude false positives | expand

Commit Message

From: Het Patel <hetpat@cisco.com>

- Added the vendor to CVE_PRODUCT to prevent false positives.

Signed-off-by: Het Patel <hetpat@cisco.com>
---
 meta/recipes-core/util-linux/util-linux.inc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

Comments

Peter Marko Feb. 26, 2026, 1:17 p.m. UTC | #1
> -----Original Message-----
> From: openembedded-core@lists.openembedded.org <openembedded-
> core@lists.openembedded.org> On Behalf Of Het Patel via
> lists.openembedded.org
> Sent: Thursday, February 26, 2026 13:54
> To: openembedded-core@lists.openembedded.org
> Cc: xe-linux-external@cisco.com; vchavda@cisco.com
> Subject: [OE-core] [PATCH v1] util-linux: Add vendor to CVE_PRODUCT to
> exclude false positives
> 
> From: Het Patel <hetpat@cisco.com>
> 
> - Added the vendor to CVE_PRODUCT to prevent false positives.
> 
> Signed-off-by: Het Patel <hetpat@cisco.com>
> ---
>  meta/recipes-core/util-linux/util-linux.inc | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-
> linux/util-linux.inc
> index deb9bfd064..81fefa5afa 100644
> --- a/meta/recipes-core/util-linux/util-linux.inc
> +++ b/meta/recipes-core/util-linux/util-linux.inc
> @@ -24,4 +24,4 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-
> linux/v${MAJOR_VERSION}/util-lin
> 
>  SRC_URI[sha256sum] =
> "3330d873f0fceb5560b89a7dc14e4f3288bbd880e96903ed9b50ec2b5799e58b"
> 
> -CVE_PRODUCT = "util-linux"
> +CVE_PRODUCT = "kernel:util-linux"

Which false positives are you trying to remove?
I think that all of these are correct and there are not false positives:

sqlite> select count(*), vendor, product from products where product like '%util-linux%' group by vendor, product;
29|andries_brouwer|util-linux
16|kernel|util-linux
56|linux|util-linux
1|util-linux_project|util-linux
diff mbox series

Patch

diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc
index deb9bfd064..81fefa5afa 100644
--- a/meta/recipes-core/util-linux/util-linux.inc
+++ b/meta/recipes-core/util-linux/util-linux.inc
@@ -24,4 +24,4 @@  SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin
 
 SRC_URI[sha256sum] = "3330d873f0fceb5560b89a7dc14e4f3288bbd880e96903ed9b50ec2b5799e58b"
 
-CVE_PRODUCT = "util-linux"
+CVE_PRODUCT = "kernel:util-linux"