From: Jeffrey Pautler <[email protected]> This recipe sets the product name used for CVE checking to "http_server". However, the cve-check logic matches that name to all products in the CVE database regardless of vendor. Currently, it is matching to products from vendors other than apache. As a result, CVE checking incorrectly reports CVEs for those vendors' products for this package.
Signed-off-by: Jeffrey Pautler <[email protected]> Signed-off-by: Khem Raj <[email protected]> (cherry picked from commit 51f70eaaa5973e385645f574093ee860f5648f88) Signed-off-by: Armin Kuster <[email protected]> --- meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb b/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb index 9ffdf3265a..3fbc975fca 100644 --- a/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb +++ b/meta-webserver/recipes-httpd/apache2/apache2_2.4.57.bb @@ -36,7 +36,7 @@ inherit autotools update-rc.d pkgconfig systemd update-alternatives DEPENDS = "openssl expat pcre apr apr-util apache2-native " -CVE_PRODUCT = "http_server" +CVE_PRODUCT = "apache:http_server" SSTATE_SCAN_FILES += "apxs config_vars.mk config.nice" -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#108076): https://lists.openembedded.org/g/openembedded-devel/message/108076 Mute This Topic: https://lists.openembedded.org/mt/103582535/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
