[OE-core][wrynose 01/52] shadow: set CVE_PRODUCT

Fri, 08 May 2026 00:12:15 -0700 

From: Peter Marko <[email protected]>

This will remove CVE-2016-15024 from open cve reports.
This CVE for is for "doomsider:shadow" [1].

It will also remove
* CVE-2018-16588 (suse:shadow, [2])
* CVE-2019-16110 (blade-group:shadow [3])
which can be verified that they don't affect Yocto shadow.

[1] https://security-tracker.debian.org/tracker/CVE-2016-15024
[2] https://security-tracker.debian.org/tracker/CVE-2018-16588
[3] https://security-tracker.debian.org/tracker/CVE-2019-16110

Signed-off-by: Peter Marko <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>
(cherry picked from commit 2946e238d2a3947c1a51c4ac1c86c8284f68e4cf)
Signed-off-by: Yoann Congal <[email protected]>
---
 meta/recipes-extended/shadow/shadow_4.19.4.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-extended/shadow/shadow_4.19.4.bb 
b/meta/recipes-extended/shadow/shadow_4.19.4.bb
index 94f155641cc..f70d1ca5f38 100644
--- a/meta/recipes-extended/shadow/shadow_4.19.4.bb
+++ b/meta/recipes-extended/shadow/shadow_4.19.4.bb
@@ -38,6 +38,8 @@ PAM_SRC_URI = "file://pam.d/chfn \
                file://pam.d/passwd \
                file://pam.d/su"
 
+CVE_PRODUCT = "debian:shadow shadow_project:shadow"
+
 inherit autotools gettext github-releases pkgconfig
 
 export CONFIG_SHELL = "/bin/sh"

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#236643): 
https://lists.openembedded.org/g/openembedded-core/message/236643
Mute This Topic: https://lists.openembedded.org/mt/119210600/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to