Hi Ross, No, you are right. However, I think it would make sense to include CVE_PRODUCT in xorg-lib-common.inc instead. What do you think?
Emil ________________________________ From: Ross Burton <ross.bur...@arm.com> Sent: Friday, August 25, 2023 17:16 To: Emil Kronborg Andersen <em...@prevas.dk> Cc: openembedded-core@lists.openembedded.org <openembedded-core@lists.openembedded.org> Subject: Re: [OE-core] [PATCH 3/3] libx11-compose-data: add CVE_PRODUCT On 24 Aug 2023, at 14:41, Emil Kronborg Andersen via lists.openembedded.org <emkan=prevas...@lists.openembedded.org> wrote: > > Signed-off-by: Emil Kronborg Andersen <em...@prevas.dk> > --- > meta/recipes-graphics/xorg-lib/libx11-compose-data_1.8.4.bb | 2 ++ > 1 file changed, 2 insertions(+) > > diff --git a/meta/recipes-graphics/xorg-lib/libx11-compose-data_1.8.4.bb > b/meta/recipes-graphics/xorg-lib/libx11-compose-data_1.8.4.bb > index 2131f46213..5d5762456c 100644 > --- a/meta/recipes-graphics/xorg-lib/libx11-compose-data_1.8.4.bb > +++ b/meta/recipes-graphics/xorg-lib/libx11-compose-data_1.8.4.bb > @@ -33,3 +33,5 @@ do_install() { > PACKAGES = "${PN}" > > FILES:${PN} = "${datadir}/X11/locale ${libdir}/X11/locale" > + > +CVE_PRODUCT += "x.org:libx11” This is _just_ the compose data, is it feasible for this to have a CVE? Ross
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#186817): https://lists.openembedded.org/g/openembedded-core/message/186817 Mute This Topic: https://lists.openembedded.org/mt/100935314/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-