On Wed May 20, 2026 at 9:37 AM CEST, Paul Barker wrote:
> On Wed, 2026-05-20 at 01:29 +0200, Yoann Congal via
> lists.openembedded.org wrote:
>> From: Peter Marko <[email protected]>
>> 
>> This CVE is for SDL_IMAGE, not SDL.
>> 
>> Mapping in sbom-cve-check tool seems to be wrong at [1].
>> It maps both SDL and SDL_IMAGE to the same CPE.
>> 
>> [1] https://github.com/bootlin/sbom-cve-check/blob/v1.3.0/src/sbom_cve_check/products/products.toml#L1608
>> 
>> Signed-off-by: Peter Marko <[email protected]>
>> Signed-off-by: Richard Purdie <[email protected]>
>> (cherry picked from commit fef169063e49f516ea96e2243869808ba58550d0)
>> Signed-off-by: Yoann Congal <[email protected]>
>
> Hi Yoann,
>
> We should not need to backport this if we take the update to
> sbom-cve-check 1.3.1 (earlier in this series) as it fixes the offending
> products.toml entries.
>
> https://github.com/bootlin/sbom-cve-check/commit/30a5b3e94bbdd27557d3b8b7b1917b9980fc2564

Agreed, I removed it from my branch; I'll send a v2 of the series.

Thanks!

>
> Best regards,


-- 
Yoann Congal
Smile ECS
