On 10 Jul 2026, at 08:43, mark.yang via lists.openembedded.org <[email protected]> wrote: > The default python:pyasn1 does not match the NVD/CNA entries which use pyasn1 > as vendor, so CVEs like CVE-2026-30922 > are never reported.
Where we know the exact CPE that is used, we should use it. Can you set CVE_PRODUCT to pyasn1:pyasn1 instead. Ross
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#240849): https://lists.openembedded.org/g/openembedded-core/message/240849 Mute This Topic: https://lists.openembedded.org/mt/120203219/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
