diff mbox series

squashfs-tools: add another CPE

Message ID 20260518-squashfs-cpe-v1-1-01b896d5e116@cherry.de
State New
Headers show
Series squashfs-tools: add another CPE | expand

Commit Message

Quentin Schulz May 18, 2026, 4:41 p.m. UTC 
From: Quentin Schulz <quentin.schulz@cherry.de>

The NVD has two additional CPEs for squashfs-tools pointing at the same
GitHub git repo, squashfs_project:squashfs-tools[1] and
squashfs-tools_project:squashfs-tools[2].

There are no other matches for squashfs-tools in the NVD except those
two, so don't specify the vendor for now and match both vendors with
only one entry in CVE_PRODUCT.

[1] https://nvd.nist.gov/products/cpe/detail/029FFEC5-FB40-4591-A864-90CB97E80FEA
[2] https://nvd.nist.gov/products/cpe/detail/ADE3E55D-5CBD-49B3-85B4-2035A9B380B3

Signed-off-by: Quentin Schulz <quentin.schulz@cherry.de>
---
Not tested, I just was comparing which CPEs are missing in my Buildroot
SBOM (which only generates max one CPE per package) against packages
that can be found in Yocto where more CPEs are allowed and stumbled upon
more CPEs for squashfs-tools that aren't in Yocto yet, so adding them.
---
 meta/recipes-devtools/squashfs-tools/squashfs-tools_4.7.5.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


---
base-commit: 3724b93538d3acbec9f48d4c524b51d166071708
change-id: 20260518-squashfs-cpe-cca02a5fef28

Best regards,
--  
Quentin Schulz <quentin.schulz@cherry.de>
diff mbox series

Patch

diff --git a/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.7.5.bb b/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.7.5.bb
index 7741039fcf..9a1ebd575c 100644
--- a/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.7.5.bb
+++ b/meta/recipes-devtools/squashfs-tools/squashfs-tools_4.7.5.bb
@@ -38,4 +38,4 @@  ARM_INSTRUCTION_SET:armv6 = "arm"
 
 BBCLASSEXTEND = "native nativesdk"
 
-CVE_PRODUCT = "squashfs"
+CVE_PRODUCT = "squashfs squashfs-tools"