- To avoid false positives such as CVE-2000-0006, add the CVE_PRODUCT
value with the vendor.
- The CVE-2000-0006 has the vendor paul_kranenburg:strace.
- This change has been verified by running do_cve_check task for
strace package.
Signed-off-by: Madhu Marri <madma...@cisco.com>
---
meta/recipes-devtools/strace/strace_6.12.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-devtools/strace/strace_6.12.bb
b/meta/recipes-devtools/strace/strace_6.12.bb
index c16e5dc478..0cbaead216 100644
--- a/meta/recipes-devtools/strace/strace_6.12.bb
+++ b/meta/recipes-devtools/strace/strace_6.12.bb
@@ -53,3 +53,6 @@ do_install_ptest() {
RDEPENDS:${PN}-ptest += "make coreutils grep gawk sed locale-base-en-us"
BBCLASSEXTEND = "native"
+
+# adding 'CVE_PRODUCT' to avoid false detection of CVEs
+CVE_PRODUCT = "strace:strace"
--
2.44.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#209917):
https://lists.openembedded.org/g/openembedded-core/message/209917
Mute This Topic: https://lists.openembedded.org/mt/110629272/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
