Hi Ross,
No, you are right. However, I think it would make sense to include CVE_PRODUCT
in xorg-lib-common.inc instead. What do you think?
Emil
________________________________
From: Ross Burton <ross.bur...@arm.com>
Sent: Friday, August 25, 2023 17:16
To: Emil Kronborg Andersen <em...@prevas.dk>
Cc: openembedded-core@lists.openembedded.org
<openembedded-core@lists.openembedded.org>
Subject: Re: [OE-core] [PATCH 3/3] libx11-compose-data: add CVE_PRODUCT
On 24 Aug 2023, at 14:41, Emil Kronborg Andersen via lists.openembedded.org
<emkan=prevas...@lists.openembedded.org> wrote:
>
> Signed-off-by: Emil Kronborg Andersen <em...@prevas.dk>
> ---
> meta/recipes-graphics/xorg-lib/libx11-compose-data_1.8.4.bb | 2 ++
> 1 file changed, 2 insertions(+)
>
> diff --git a/meta/recipes-graphics/xorg-lib/libx11-compose-data_1.8.4.bb
> b/meta/recipes-graphics/xorg-lib/libx11-compose-data_1.8.4.bb
> index 2131f46213..5d5762456c 100644
> --- a/meta/recipes-graphics/xorg-lib/libx11-compose-data_1.8.4.bb
> +++ b/meta/recipes-graphics/xorg-lib/libx11-compose-data_1.8.4.bb
> @@ -33,3 +33,5 @@ do_install() {
> PACKAGES = "${PN}"
>
> FILES:${PN} = "${datadir}/X11/locale ${libdir}/X11/locale"
> +
> +CVE_PRODUCT += "x.org:libx11”
This is _just_ the compose data, is it feasible for this to have a CVE?
Ross
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#186817):
https://lists.openembedded.org/g/openembedded-core/message/186817
Mute This Topic: https://lists.openembedded.org/mt/100935314/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
