wic: set CVE_PRODUCT

Message ID	20260413202233.2335301-1-ross.burton@arm.com
State	Under Review
Headers	show Return-Path: <ross.burton@arm.com> ip: 217.140.110.172, mailfrom: ross.burton@arm.com) From: Ross Burton <ross.burton@arm.com> To: openembedded-core@lists.openembedded.org Subject: [PATCH] wic: set CVE_PRODUCT Date: Mon, 13 Apr 2026 21:22:33 +0100 Message-ID: <20260413202233.2335301-1-ross.burton@arm.com> MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable
Series	wic: set CVE_PRODUCT \| expand wic: set CVE_PRODUCT

Message ID

20260413202233.2335301-1-ross.burton@arm.com

State

Under Review

Headers

From: Ross Burton <ross.burton@arm.com>
To: openembedded-core@lists.openembedded.org
Subject: [PATCH] wic: set CVE_PRODUCT
Date: Mon, 13 Apr 2026 21:22:33 +0100
Message-ID: <20260413202233.2335301-1-ross.burton@arm.com>
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

Series

wic: set CVE_PRODUCT | expand

Commit Message

Ross Burton April 13, 2026, 8:22 p.m. UTC

There are CVEs such as CVE-2008-6713 which have a CPE of *:wic, which
get reported for our wic now that it has been split out to a standalone
tool.

Set CVE_PRODUCT to yoctoproject:wic to avoid this. There are no CVEs for
wic yet, but this is the likely CPE that would be used.

[1] https://nvd.nist.gov/vuln/detail/CVE-2008-6713

Signed-off-by: Ross Burton <ross.burton@arm.com>
---
 meta/recipes-support/wic/wic_0.3.0.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-support/wic/wic_0.3.0.bb b/meta/recipes-support/wic/wic_0.3.0.bb
index a0a2773c76e..7dbf84b039a 100644
--- a/meta/recipes-support/wic/wic_0.3.0.bb
+++ b/meta/recipes-support/wic/wic_0.3.0.bb
@@ -6,6 +6,8 @@  LIC_FILES_CHKSUM = "file://LICENSE;md5=4ee23c52855c222cba72583d301d2338"
 SRC_URI = "git://git.yoctoproject.org/wic.git;branch=master;protocol=https;tag=v${PV}"
 SRCREV = "5974ade11032f218841d9f449ef0efeee3f9a2ca"
 
+CVE_PRODUCT = "yoctoproject:wic"
+
 inherit python_hatchling
 
 RDEPENDS:${PN} += " \

wic: set CVE_PRODUCT

Commit Message

Patch