On 10 Jul 2026, at 08:43, mark.yang via lists.openembedded.org 
<[email protected]> wrote:
> NVD lists it as cryptography.io:cryptography,
> and CNA lists it as pyca:cryptography, so CVE_PRODUCT is set to cryptography.

“cryptography” is vague and will no doubt cause false-positives in the future, 
and CVE_PRODUCT is actually a list, so setting it to 
"cryptography.io:cryptography pyca:cryptography” will match correctly and 
precisely.

Ross
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#240850): 
https://lists.openembedded.org/g/openembedded-core/message/240850
Mute This Topic: https://lists.openembedded.org/mt/120203220/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to