On Wed, 2026-05-20 at 01:29 +0200, Yoann Congal via lists.openembedded.org wrote:
> From: Peter Marko <[email protected]>
>
> This CVE is for SDL_IMAGE, not SDL.
>
> Mapping in sbom-cve-check tool seems to be wrong at [1].
> It maps both SDL and SDL_IMAGE to the same CPE.
>
> [1]
> https://github.com/bootlin/sbom-cve-check/blob/v1.3.0/src/sbom_cve_check/products/products.toml#L1608
>
> Signed-off-by: Peter Marko <[email protected]>
> Signed-off-by: Richard Purdie <[email protected]>
> (cherry picked from commit fef169063e49f516ea96e2243869808ba58550d0)
> Signed-off-by: Yoann Congal <[email protected]>

Hi Yoann,

We should not need to backport this if we take the update to
sbom-cve-check 1.3.1 (earlier in this series) as it fixes the offending
products.toml entries.

https://github.com/bootlin/sbom-cve-check/commit/30a5b3e94bbdd27557d3b8b7b1917b9980fc2564

Best regards,

--
Paul Barker
