From: Het Patel <[email protected]> The current `CVE_PRODUCT` value (`kernel:selinux`) is incorrect for this recipe.
Root Cause Analysis: `CVE-2020-10751` is reported against the `kernel:selinux` CPE, and its fix (https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fb73974172ff) applies to the Linux kernel source tree. This change is unrelated to the source code used by this recipe. Change Justification: `CVE-2021-36084` is reported against the `selinux_project:selinux` CPE. Its fix (https://github.com/SELinuxProject/selinux/commit/f34d3d30c832) directly applies to the SELinux source repository used by this recipe, confirming the vulnerability is applicable to this product. Based on this analysis, `CVE_PRODUCT` has been updated to the correct value: `selinux_project:selinux` Signed-off-by: Het Patel <[email protected]> --- recipes-security/selinux/selinux_common.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/recipes-security/selinux/selinux_common.inc b/recipes-security/selinux/selinux_common.inc index a7f704d..aaf0b90 100644 --- a/recipes-security/selinux/selinux_common.inc +++ b/recipes-security/selinux/selinux_common.inc @@ -20,4 +20,4 @@ do_install() { SHLIBDIR="${base_libdir}" } -CVE_PRODUCT ?= "kernel:selinux" +CVE_PRODUCT ?= "selinux_project:selinux"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124691): https://lists.openembedded.org/g/openembedded-devel/message/124691 Mute This Topic: https://lists.openembedded.org/mt/118026141/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
