On Fri, Aug 9, 2024 at 8:24 AM Marta Rybczynska via lists.openembedded.org <[email protected]> wrote:
> CVE_STATUS contains assesment of a given CVE, but until now it didn't have > include the affected vendor/product. In the case of a global system > include, > that CVE_STATUS was visible in all recipes. > > This patch allows encoding of affected product/vendor to each CVE_STATUS > assessment, also for groups. We can then filter them later and use only > CVEs that correspond to the recipe. > > This is going to be used in > meta/conf/distro/include/cve-extra-exclusions.inc > and similar places. This is what I came with for the encoding of CPEs. If the idea is OK, I integrate in the cve-check/vex patchset, and we're going to add a few test cases for this too... Kind regards, Marta
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#203153): https://lists.openembedded.org/g/openembedded-core/message/203153 Mute This Topic: https://lists.openembedded.org/mt/107803913/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
