On 15 Jan 2025, at 15:29, Madhu Marri via lists.openembedded.org <madmarri=cisco....@lists.openembedded.org> wrote: > > - To avoid false positives such as CVE-2000-0006, add the CVE_PRODUCT > value with the vendor.
But CVE-2000-0006 is specific to this strace, not another strace. Quoting from the original reference (https://web.archive.org/web/20030710214947/http://www.securityfocus.com/archive/1/39831): “”” When you see snippet from strace, that says: open("/etc/passwd", O_RDONLY) = 3 Do you trust it? You should not. “”” You may disagree with the premise of the CVE and mark it as not an issue, but it _is_ a strace CVE. Ross
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#210027): https://lists.openembedded.org/g/openembedded-core/message/210027 Mute This Topic: https://lists.openembedded.org/mt/110629272/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
