[scarthgap] coreutils: set CVE_PRODUCT

Message ID	20260505205201.2139424-1-peter.marko@siemens.com
State	New
Headers	show Return-Path: <peter.marko@siemens.com> ip: 185.136.64.225, mailfrom: fm-256628-20260505205227829bfffda7000207a2-46vy1v@rts-flowmailer.siemens.com) From: Peter Marko <peter.marko@siemens.com> To: openembedded-core@lists.openembedded.org Cc: Peter Marko <peter.marko@siemens.com> Subject: [scarthgap][PATCH] coreutils: set CVE_PRODUCT Date: Tue, 5 May 2026 22:52:01 +0200 Message-ID: <20260505205201.2139424-1-peter.marko@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Feedback-ID: 519:519-256628:519-21489:flowmailer
Series	[scarthgap] coreutils: set CVE_PRODUCT \| expand [scarthgap] coreutils: set CVE_PRODUCT

Message ID

20260505205201.2139424-1-peter.marko@siemens.com

State

New

Headers

From: Peter Marko <peter.marko@siemens.com>
To: openembedded-core@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [scarthgap][PATCH] coreutils: set CVE_PRODUCT
Date: Tue,  5 May 2026 22:52:01 +0200
Message-ID: <20260505205201.2139424-1-peter.marko@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Feedback-ID: 519:519-256628:519-21489:flowmailer

Series

[scarthgap] coreutils: set CVE_PRODUCT | expand

Commit Message

Peter Marko May 5, 2026, 8:52 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

This removes rust uutils coreutils CVEs from reports.
Comparing sbom-cve-check shows that only
CVE-2026-35338..CVE-2026-35381 are removed and all of them contained
reference to uutils.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

(From OE-Core rev: 5c39687f62e5864ea783cbed497c2eb5387dcf96)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-core/coreutils/coreutils_9.4.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-core/coreutils/coreutils_9.4.bb b/meta/recipes-core/coreutils/coreutils_9.4.bb
index caed1f8c499..a9618c8ab84 100644
--- a/meta/recipes-core/coreutils/coreutils_9.4.bb
+++ b/meta/recipes-core/coreutils/coreutils_9.4.bb
@@ -23,6 +23,8 @@  SRC_URI = "${GNU_MIRROR}/coreutils/${BP}.tar.xz \
            "
 SRC_URI[sha256sum] = "ea613a4cf44612326e917201bbbcdfbd301de21ffc3b59b6e5c07e040b275e52"
 
+CVE_PRODUCT = "gnu:coreutils"
+
 # http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=v8.27-101-gf5d7c0842
 #
 CVE_STATUS[CVE-2016-2781] = "disputed: runcon is not really a sandbox command, use `runcon ... setsid ...` to avoid this particular issue."

[scarthgap] coreutils: set CVE_PRODUCT

Commit Message

Patch