On Thu, Mar 21, 2024 at 12:13 +0000, Richard Purdie wrote: > I worry this is a misfiled CPE rather than general statement that > they'd always use this for pytest CVEs. We might want to talk to them > about tweaking it to be consistent? I'm certainly unsure about taking > this patch as it might mask future issues?
I made a mistake. This CPE belongs to the py project by pytest [1]. The vendor name being http://pytest.org tricked me. Searching for pytest in the NIST NVD database yields a single CPE: pytest:py, so I think it is fine to keep it as is, even though a CPE might appear as pytest:pytest instead of python:pytest. [1]: https://github.com/pytest-dev/py -- Emil Kronborg
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#197456): https://lists.openembedded.org/g/openembedded-core/message/197456 Mute This Topic: https://lists.openembedded.org/mt/105047705/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
