| Message ID | 20260226125415.53196-1-hetpat@cisco.com |
|---|---|
| State | New |
| Headers | show |
| Series | [v1] util-linux: Add vendor to CVE_PRODUCT to exclude false positives | expand |
> -----Original Message----- > From: openembedded-core@lists.openembedded.org <openembedded- > core@lists.openembedded.org> On Behalf Of Het Patel via > lists.openembedded.org > Sent: Thursday, February 26, 2026 13:54 > To: openembedded-core@lists.openembedded.org > Cc: xe-linux-external@cisco.com; vchavda@cisco.com > Subject: [OE-core] [PATCH v1] util-linux: Add vendor to CVE_PRODUCT to > exclude false positives > > From: Het Patel <hetpat@cisco.com> > > - Added the vendor to CVE_PRODUCT to prevent false positives. > > Signed-off-by: Het Patel <hetpat@cisco.com> > --- > meta/recipes-core/util-linux/util-linux.inc | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util- > linux/util-linux.inc > index deb9bfd064..81fefa5afa 100644 > --- a/meta/recipes-core/util-linux/util-linux.inc > +++ b/meta/recipes-core/util-linux/util-linux.inc > @@ -24,4 +24,4 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util- > linux/v${MAJOR_VERSION}/util-lin > > SRC_URI[sha256sum] = > "3330d873f0fceb5560b89a7dc14e4f3288bbd880e96903ed9b50ec2b5799e58b" > > -CVE_PRODUCT = "util-linux" > +CVE_PRODUCT = "kernel:util-linux" Which false positives are you trying to remove? I think that all of these are correct and there are not false positives: sqlite> select count(*), vendor, product from products where product like '%util-linux%' group by vendor, product; 29|andries_brouwer|util-linux 16|kernel|util-linux 56|linux|util-linux 1|util-linux_project|util-linux
diff --git a/meta/recipes-core/util-linux/util-linux.inc b/meta/recipes-core/util-linux/util-linux.inc index deb9bfd064..81fefa5afa 100644 --- a/meta/recipes-core/util-linux/util-linux.inc +++ b/meta/recipes-core/util-linux/util-linux.inc @@ -24,4 +24,4 @@ SRC_URI = "${KERNELORG_MIRROR}/linux/utils/util-linux/v${MAJOR_VERSION}/util-lin SRC_URI[sha256sum] = "3330d873f0fceb5560b89a7dc14e4f3288bbd880e96903ed9b50ec2b5799e58b" -CVE_PRODUCT = "util-linux" +CVE_PRODUCT = "kernel:util-linux"