On 7 December 2016 at 14:58, Mariano Lopez <mariano.lo...@linux.intel.com> wrote:
> > Those CVEs which are listed in the nvd.xml file under > "cpe:/a:haxx:libcurl: are not detected and reported by cve-check tool. > > In the case of libcurl, it is build using the curl recipe, and currently > cve-check class will look for BPN, so it won't check against libcurl. > Can you open a bug for this? > A fix for this is trivial but we need a variable name. Any objections or better suggestions to CVE_PRODUCT? Ross
-- _______________________________________________ yocto mailing list yocto@yoctoproject.org https://lists.yoctoproject.org/listinfo/yocto