diff mbox series

[scarthgap,15/23] apt: Add CVE_PRODUCT to support product name

Message ID 28d3ab81b9386bda16e196ed2934967843413186.1777995876.git.fabien.thomas@smile.fr
State New
Headers show
Series [scarthgap,01/23] libpng: fix CVE-2026-33636 | expand

Commit Message

Fabien Thomas May 5, 2026, 4:57 p.m. UTC 
From: Himanshu Jadon <hjadon@cisco.com>

- Keep both the older deprecated debian:apt alias and the active
  debian:advanced_package_tool identity in CVE_PRODUCT.
- This preserves completeness and avoids missing CVEs in case older
  aliases are still used in NVD records.

Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 4c777220ee5740b800f4128da79c24f7e42c7b88)
Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
[FT: Rebase onto scarthgap-next]
Signed-off-by: Fabien Thomas <fabien.thomas@smile.fr>
---
 meta/recipes-devtools/apt/apt_2.6.1.bb | 3 +++
 1 file changed, 3 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-devtools/apt/apt_2.6.1.bb b/meta/recipes-devtools/apt/apt_2.6.1.bb
index 436e2e8cad..12915660b0 100644
--- a/meta/recipes-devtools/apt/apt_2.6.1.bb
+++ b/meta/recipes-devtools/apt/apt_2.6.1.bb
@@ -141,3 +141,6 @@  do_install:append() {
 	# Avoid non-reproducible -src package
 	sed -i -e "s,${B}/include/,,g" ${B}/apt-pkg/tagfile-keys.cc
 }
+
+# Add CVE_PRODUCT to match the NVD CPE product name
+CVE_PRODUCT = "debian:apt debian:advanced_package_tool"