To avoid false positives (such as CVE-2010-0734, rubygems:curl), expand the CVE_PRODUCT list to include all the vendors that have been used.
Signed-off-by: Ross Burton <[email protected]> --- meta/recipes-support/curl/curl_7.72.0.bb | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/meta/recipes-support/curl/curl_7.72.0.bb b/meta/recipes-support/curl/curl_7.72.0.bb index e7f5492694..a2ae0b6901 100644 --- a/meta/recipes-support/curl/curl_7.72.0.bb +++ b/meta/recipes-support/curl/curl_7.72.0.bb @@ -11,7 +11,9 @@ SRC_URI = "http://curl.haxx.se/download/curl-${PV}.tar.bz2 \ SRC_URI[sha256sum] = "ad91970864102a59765e20ce16216efc9d6ad381471f7accceceab7d905703ef" -CVE_PRODUCT = "curl libcurl" +# Curl has used many names over the years... +CVE_PRODUCT = "haxx:curl haxx:libcurl curl:curl curl:libcurl libcurl:libcurl daniel_stenberg:curl" + inherit autotools pkgconfig binconfig multilib_header PACKAGECONFIG ??= "${@bb.utils.filter('DISTRO_FEATURES', 'ipv6', d)} gnutls libidn proxy threaded-resolver verbose zlib" -- 2.28.0
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#142261): https://lists.openembedded.org/g/openembedded-core/message/142261 Mute This Topic: https://lists.openembedded.org/mt/76707207/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
