From: Himanshu Jadon <[email protected]> - Keep both the older deprecated debian:apt alias and the active debian:advanced_package_tool identity in CVE_PRODUCT. - This preserves completeness and avoids missing CVEs in case older aliases are still used in NVD records.
Signed-off-by: Himanshu Jadon <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit 4c777220ee5740b800f4128da79c24f7e42c7b88) Signed-off-by: Himanshu Jadon <[email protected]> [FT: Rebase onto scarthgap-next] Signed-off-by: Fabien Thomas <[email protected]> --- meta/recipes-devtools/apt/apt_2.6.1.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-devtools/apt/apt_2.6.1.bb b/meta/recipes-devtools/apt/apt_2.6.1.bb index 436e2e8cad..12915660b0 100644 --- a/meta/recipes-devtools/apt/apt_2.6.1.bb +++ b/meta/recipes-devtools/apt/apt_2.6.1.bb @@ -141,3 +141,6 @@ do_install:append() { # Avoid non-reproducible -src package sed -i -e "s,${B}/include/,,g" ${B}/apt-pkg/tagfile-keys.cc } + +# Add CVE_PRODUCT to match the NVD CPE product name +CVE_PRODUCT = "debian:apt debian:advanced_package_tool"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#236506): https://lists.openembedded.org/g/openembedded-core/message/236506 Mute This Topic: https://lists.openembedded.org/mt/119164898/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
