From: Peter Marko <[email protected]> This CVE is for SDL_IMAGE, not SDL.
Mapping in sbom-cve-check tool seems to be wrong at [1]. It maps both SDL and SDL_IMAGE to the same CPE. [1] https://github.com/bootlin/sbom-cve-check/blob/v1.3.0/src/sbom_cve_check/products/products.toml#L1608 Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit fef169063e49f516ea96e2243869808ba58550d0) Signed-off-by: Yoann Congal <[email protected]> --- meta/recipes-graphics/libsdl2/libsdl2_2.32.10.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-graphics/libsdl2/libsdl2_2.32.10.bb b/meta/recipes-graphics/libsdl2/libsdl2_2.32.10.bb index 834cf096b97..2b583448ef5 100644 --- a/meta/recipes-graphics/libsdl2/libsdl2_2.32.10.bb +++ b/meta/recipes-graphics/libsdl2/libsdl2_2.32.10.bb @@ -85,3 +85,5 @@ CFLAGS:append:class-native = " -DNO_SHARED_MEMORY" FILES:${PN} += "${datadir}/licenses/SDL2/LICENSE.txt" BBCLASSEXTEND = "native nativesdk" + +CVE_STATUS[CVE-2026-35444] = "cpe-incorrect: this CVE is for sdl_image"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#237358): https://lists.openembedded.org/g/openembedded-core/message/237358 Mute This Topic: https://lists.openembedded.org/mt/119400568/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
