The CVE database correctly reports CVEs for oracle_berkley_db and berkley_db. We use the oracle_berkley_db source tree and therefore should only check for oracle_berkely_db CVEs. Otherwise the scanner falsely reports CVEs that are fixed in oracle_berkley_db
This reverts commit ad799b109716ccd2f44dcf7a6a4cfcbd622ea661. Signed-off-by: Steve Sakoman <[email protected]> --- meta/recipes-support/db/db_5.3.28.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta/recipes-support/db/db_5.3.28.bb b/meta/recipes-support/db/db_5.3.28.bb index d5b788a3d7..5e9305ab06 100644 --- a/meta/recipes-support/db/db_5.3.28.bb +++ b/meta/recipes-support/db/db_5.3.28.bb @@ -15,7 +15,7 @@ HOMEPAGE = "https://www.oracle.com/database/technologies/related/berkeleydb.html LICENSE = "Sleepycat" RCONFLICTS:${PN} = "db3" -CVE_PRODUCT = "oracle_berkeley_db berkeley_db" +CVE_PRODUCT = "oracle_berkeley_db" CVE_VERSION = "11.2.${PV}" PR = "r1" -- 2.25.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#156017): https://lists.openembedded.org/g/openembedded-core/message/156017 Mute This Topic: https://lists.openembedded.org/mt/85608645/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
