Fix "audit" set in CVE_PRODUCT to "linux:audit" to detect only vulnerabilities where the vendor is "linux".
Currently, CVE_PRODUCT also detects vulnerabilities where the vendor is "visionsoft", which are unrelated to the "audit" in this recipe. https://www.opencve.io/cve?vendor=visionsoft&product=audit In addition, all the vulnerabilities currently detected in "audit" have the vendor of "visionsoft" or "linux". Therefore, fix "audit" set in CVE_PRODUCT to "linux:audit". Signed-off-by: Shinji Matsunaga <shin.matsun...@fujitsu.com> Signed-off-by: Shunsuke Tokumoto <s-tokum...@fujitsu.com> --- meta-oe/recipes-security/audit/audit_4.0.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-oe/recipes-security/audit/audit_4.0.1.bb b/meta-oe/recipes-security/audit/audit_4.0.1.bb index c189cfea5..bd8f8cc31 100644 --- a/meta-oe/recipes-security/audit/audit_4.0.1.bb +++ b/meta-oe/recipes-security/audit/audit_4.0.1.bb @@ -101,3 +101,5 @@ do_install:append() { # Create /var/spool/audit directory for audisp-remote install -d -m 0700 ${D}${localstatedir}/spool/audit } + +CVE_PRODUCT = "linux:audit" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#111378): https://lists.openembedded.org/g/openembedded-devel/message/111378 Mute This Topic: https://lists.openembedded.org/mt/107266990/21656 Group Owner: openembedded-devel+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-