Re: [oe] [PATCH 2/2] audit: Add linux_audit to CVE_PRODUCT

Wed, 17 Jul 2024 21:38:12 -0700 

Hello,
Are not there any vulnerabilities where the vendor is other than 
linux_audit_project?

Kind regards,
Shinji
From: Marta Rybczynska <rybczyn...@gmail.com>
Sent: Wednesday, July 17, 2024 8:57 PM
To: Matsunaga, Shinji/松永 慎司 <shin.matsun...@fujitsu.com>
Cc: raj.k...@gmail.com; openembedded-devel@lists.openembedded.org; Tokumoto, 
Shunsuke/徳本 俊介 <s-tokum...@fujitsu.com>
Subject: Re: [oe] [PATCH 2/2] audit: Add linux_audit to CVE_PRODUCT



On Wed, Jul 17, 2024 at 8:39 AM Matsunaga-Shinji via 
lists.openembedded.org<http://lists.openembedded.org> 
<shin.matsunaga=fujitsu....@lists.openembedded.org<mailto:fujitsu....@lists.openembedded.org>>
 wrote:
linux_audit is also a valid CVE_PRODUCT for audit,
e.g., https://nvd.nist.gov/vuln/detail/CVE-2015-5186.

Signed-off-by: Shinji Matsunaga 
<shin.matsun...@fujitsu.com<mailto:shin.matsun...@fujitsu.com>>
Signed-off-by: Shunsuke Tokumoto 
<s-tokum...@fujitsu.com<mailto:s-tokum...@fujitsu.com>>
---
 meta-oe/recipes-security/audit/audit_4.0.1.bb<http://audit_4.0.1.bb> | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git 
a/meta-oe/recipes-security/audit/audit_4.0.1.bb<http://audit_4.0.1.bb> 
b/meta-oe/recipes-security/audit/audit_4.0.1.bb<http://audit_4.0.1.bb>
index bd8f8cc31..0b5857cbf 100644
--- a/meta-oe/recipes-security/audit/audit_4.0.1.bb<http://audit_4.0.1.bb>
+++ b/meta-oe/recipes-security/audit/audit_4.0.1.bb<http://audit_4.0.1.bb>
@@ -102,4 +102,4 @@ do_install:append() {
     install -d -m 0700 ${D}${localstatedir}/spool/audit
 }

-CVE_PRODUCT = "linux:audit"
+CVE_PRODUCT = "linux:audit linux_audit"

Hello,
I think it will be better to put linux_audit_project:linux_audit

What do you think?

Kind regards,
Marta

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#111390): 
https://lists.openembedded.org/g/openembedded-devel/message/111390
Mute This Topic: https://lists.openembedded.org/mt/107266993/21656
Group Owner: openembedded-devel+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to