| Message ID | 20260413112313.1825573-1-hjadon@cisco.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-oe,master] augeas: Add CVE_PRODUCT to support product name | expand |
On 4/13/26 13:23, Himanshu Jadon -X (hjadon - E INFOCHIPS PRIVATE LIMITED at Cisco) via lists.openembedded.org wrote: > From: Himanshu Jadon <hjadon@cisco.com> > > - Set CVE_PRODUCT to align with the NVD CPE and ensure correct CVE > reporting. > > Signed-off-by: Himanshu Jadon <hjadon@cisco.com> > --- > meta-oe/recipes-support/augeas/augeas_1.12.0.bb | 3 +++ > 1 file changed, 3 insertions(+) > > diff --git a/meta-oe/recipes-support/augeas/augeas_1.12.0.bb b/meta-oe/recipes-support/augeas/augeas_1.12.0.bb > index 14e818253b..10a3cf5fe1 100644 > --- a/meta-oe/recipes-support/augeas/augeas_1.12.0.bb > +++ b/meta-oe/recipes-support/augeas/augeas_1.12.0.bb > @@ -33,3 +33,6 @@ PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}" > PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux" > > EXTRA_AUTORECONF += "-I ${S}/gnulib/m4" > + > +# Add CVE_PRODUCT to match the NVD CPE product name > +CVE_PRODUCT = "augeas:augeas" > > I can't find any CVE records with a different vendor in the db, and the CPE dictionary at NVD seems to have only one product with this name... are there any misreported CVEs or potentially ambiguous CPEs that I have missed, and that triggered this patch?
diff --git a/meta-oe/recipes-support/augeas/augeas_1.12.0.bb b/meta-oe/recipes-support/augeas/augeas_1.12.0.bb index 14e818253b..10a3cf5fe1 100644 --- a/meta-oe/recipes-support/augeas/augeas_1.12.0.bb +++ b/meta-oe/recipes-support/augeas/augeas_1.12.0.bb @@ -33,3 +33,6 @@ PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'selinux', d)}" PACKAGECONFIG[selinux] = "--with-selinux,--without-selinux,libselinux" EXTRA_AUTORECONF += "-I ${S}/gnulib/m4" + +# Add CVE_PRODUCT to match the NVD CPE product name +CVE_PRODUCT = "augeas:augeas"