From: Peter Marko <[email protected]> Some cves are reported with "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*" See https://nvd.nist.gov/vuln/detail/CVE-2023-44487
Signed-off-by: Peter Marko <[email protected]> --- recipes-devtools/go/grpc-go_git.bb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/recipes-devtools/go/grpc-go_git.bb b/recipes-devtools/go/grpc-go_git.bb index d5bfaab9..b3b58ed4 100644 --- a/recipes-devtools/go/grpc-go_git.bb +++ b/recipes-devtools/go/grpc-go_git.bb @@ -39,3 +39,7 @@ go_grpc_sysroot_preprocess () { FILES:${PN} += " \ ${prefix}/local/go/src/${PKG_NAME}/* \ " + +# some CVEs are reported with "cpe:2.3:a:grpc:grpc:*:*:*:*:*:go:*:*" +# it's better to have false positives than false negatives +CVE_PRODUCT += "grpc" -- 2.30.2
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#8422): https://lists.yoctoproject.org/g/meta-virtualization/message/8422 Mute This Topic: https://lists.yoctoproject.org/mt/102400850/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
