On 24/01/2020 09:02, Anders Montonen wrote:
Hi,
What's the best way for handling name collisions when using the
cve-checker tool? For example, there's a ton of Adobe Flex
vulnerabilities that are reported against the Flex lexical analyzer
generator tool. Whitelisting the individual CVEs would be one option,
but the list is pretty long.
Set CVE_PRODUCT, if you use a colon then you can set the vendor too.
This specific instance is already fixed in oe-core master:
# Not Apache Flex, or Adobe Flex, or IBM Flex.
CVE_PRODUCT = "flex_project:flex"
Ross
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#48135): https://lists.yoctoproject.org/g/yocto/message/48135
Mute This Topic: https://lists.yoctoproject.org/mt/70066324/21656
Group Owner: [email protected]
Unsubscribe: https://lists.yoctoproject.org/g/yocto/unsub
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-
