For openssh there must be some bugs or tunings needed to match the version numbers used in CVE to ones in yocto. openssh-6.6p1 has zero matches with the check but I think there are several:
downloads/CVE_CHECK$ grep openssh *xml| grep 6\.6\:p1 nvdcve-2.0-2016.xml: <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.6:p1"/> nvdcve-2.0-2016.xml: <vuln:product>cpe:/a:openbsd:openssh:6.6:p1</vuln:product> nvdcve-2.0-2016.xml: <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.6:p1"/> nvdcve-2.0-2016.xml: <vuln:product>cpe:/a:openbsd:openssh:6.6:p1</vuln:product> How should these tunings be made? -Mikko -- _______________________________________________ Openembedded-core mailing list Openembedded-core@lists.openembedded.org http://lists.openembedded.org/mailman/listinfo/openembedded-core
