Hello, Are not there any vulnerabilities where the vendor is other than linux_audit_project?
Kind regards, Shinji From: Marta Rybczynska <[email protected]> Sent: Wednesday, July 17, 2024 8:57 PM To: Matsunaga, Shinji/松永 慎司 <[email protected]> Cc: [email protected]; [email protected]; Tokumoto, Shunsuke/徳本 俊介 <[email protected]> Subject: Re: [oe] [PATCH 2/2] audit: Add linux_audit to CVE_PRODUCT On Wed, Jul 17, 2024 at 8:39 AM Matsunaga-Shinji via lists.openembedded.org<http://lists.openembedded.org> <[email protected]<mailto:[email protected]>> wrote: linux_audit is also a valid CVE_PRODUCT for audit, e.g., https://nvd.nist.gov/vuln/detail/CVE-2015-5186. Signed-off-by: Shinji Matsunaga <[email protected]<mailto:[email protected]>> Signed-off-by: Shunsuke Tokumoto <[email protected]<mailto:[email protected]>> --- meta-oe/recipes-security/audit/audit_4.0.1.bb<http://audit_4.0.1.bb> | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/meta-oe/recipes-security/audit/audit_4.0.1.bb<http://audit_4.0.1.bb> b/meta-oe/recipes-security/audit/audit_4.0.1.bb<http://audit_4.0.1.bb> index bd8f8cc31..0b5857cbf 100644 --- a/meta-oe/recipes-security/audit/audit_4.0.1.bb<http://audit_4.0.1.bb> +++ b/meta-oe/recipes-security/audit/audit_4.0.1.bb<http://audit_4.0.1.bb> @@ -102,4 +102,4 @@ do_install:append() { install -d -m 0700 ${D}${localstatedir}/spool/audit } -CVE_PRODUCT = "linux:audit" +CVE_PRODUCT = "linux:audit linux_audit" Hello, I think it will be better to put linux_audit_project:linux_audit What do you think? Kind regards, Marta
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#111390): https://lists.openembedded.org/g/openembedded-devel/message/111390 Mute This Topic: https://lists.openembedded.org/mt/107266993/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
