On 10 Jul 2026, at 08:43, mark.yang via lists.openembedded.org 
<[email protected]> wrote:
> The default python:pyasn1 does not match the NVD/CNA entries which use pyasn1 
> as vendor, so CVEs like CVE-2026-30922
> are never reported.

Where we know the exact CPE that is used, we should use it.  Can you set 
CVE_PRODUCT to pyasn1:pyasn1 instead.

Ross
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#240849): 
https://lists.openembedded.org/g/openembedded-core/message/240849
Mute This Topic: https://lists.openembedded.org/mt/120203219/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to