[meta-oe] smarty: extend CVE_PRODUCT

Message ID	20251225131512.2706664-1-skandigraun@gmail.com
State	Under Review
Headers	show Return-Path: <skandigraun@gmail.com> ip: 209.85.128.44, mailfrom: skandigraun@gmail.com) From: Gyorgy Sarvari <skandigraun@gmail.com> To: openembedded-devel@lists.openembedded.org Subject: [meta-oe][PATCH] smarty: extend CVE_PRODUCT Date: Thu, 25 Dec 2025 14:15:12 +0100 Message-ID: <20251225131512.2706664-1-skandigraun@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-oe] smarty: extend CVE_PRODUCT \| expand [meta-oe] smarty: extend CVE_PRODUCT

Message ID

20251225131512.2706664-1-skandigraun@gmail.com

State

Under Review

Headers

From: Gyorgy Sarvari <skandigraun@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [meta-oe][PATCH] smarty: extend CVE_PRODUCT
Date: Thu, 25 Dec 2025 14:15:12 +0100
Message-ID: <20251225131512.2706664-1-skandigraun@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-oe] smarty: extend CVE_PRODUCT | expand

Commit Message

Gyorgy Sarvari Dec. 25, 2025, 1:15 p.m. UTC

Some CVEs assign smarty-php as the vendor to the corresponding CPE.
E.g CVE-2024-35226[1] is tracked with smarty-php:smarty by mitre
(NVD tracks it without CPE).

[1]: https://cveawg.mitre.org/api/cve/CVE-2024-35226

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-oe/recipes-support/smarty/smarty_5.7.0.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-oe/recipes-support/smarty/smarty_5.7.0.bb b/meta-oe/recipes-support/smarty/smarty_5.7.0.bb
index e7281a30b5..1d21c7eedf 100644
--- a/meta-oe/recipes-support/smarty/smarty_5.7.0.bb
+++ b/meta-oe/recipes-support/smarty/smarty_5.7.0.bb
@@ -34,4 +34,4 @@  FILES:${PN} += "${datadir}/php/smarty3/"
 
 RDEPENDS:${PN} = "php"
 
-CVE_PRODUCT = "smarty:smarty"
+CVE_PRODUCT = "smarty:smarty smarty-php:smarty"

[meta-oe] smarty: extend CVE_PRODUCT

Commit Message

Patch