On 24 Jan 2020, at 12:54, Ross Burton <[email protected]> wrote:
>
> On 24/01/2020 09:02, Anders Montonen wrote:
>> Hi,
>> What's the best way for handling name collisions when using the cve-checker
>> tool? For example, there's a ton of Adobe Flex vulnerabilities that are
>> reported against the Flex lexical analyzer generator tool. Whitelisting the
>> individual CVEs would be one option, but the list is pretty long.
>
> Set CVE_PRODUCT, if you use a colon then you can set the vendor too.
>
> This specific instance is already fixed in oe-core master:
>
> # Not Apache Flex, or Adobe Flex, or IBM Flex.
> CVE_PRODUCT = "flex_project:flex"

Thanks (and to Mikko too), that worked, though I’m a bit curious how one would find the proper vendor name, especially for a project like this where there’s no clear company name.

Regards,
Anders
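
Added example, not part of the original thread and not oe-core's own code: a small model of how a CVE_PRODUCT value with and without a vendor prefix selects CPE names, plus a helper that lists the vendors a product name appears under. The CPE strings are constructed samples, the function names are hypothetical, and the matching rule (whitespace-separated entries, bare product means any vendor) is an assumption about the checker's behaviour.

```python
# Constructed CPE 2.3 names for illustration; not taken from a real NVD feed.
SAMPLE_CPES = [
    "cpe:2.3:a:flex_project:flex:2.6.4:*:*:*:*:*:*:*",
    "cpe:2.3:a:adobe:flex:3.0:*:*:*:*:*:*:*",
    "cpe:2.3:a:apache:flex:4.14.0:*:*:*:*:*:*:*",
    "cpe:2.3:a:gnu:bison:3.5:*:*:*:*:*:*:*",
]


def parse_cpe(cpe):
    """Return (vendor, product) from a CPE 2.3 formatted string.

    Simplification: splits on ":" and ignores escaped colons inside fields.
    """
    fields = cpe.split(":")
    if len(fields) < 5 or fields[:2] != ["cpe", "2.3"]:
        raise ValueError("not a CPE 2.3 name: %r" % cpe)
    return fields[3], fields[4]


def parse_cve_product(value):
    """Split a CVE_PRODUCT value into (vendor, product) pairs.

    "vendor:product" pins the vendor; a bare "product" leaves the
    vendor as a wildcard, represented here as None.
    """
    pairs = []
    for entry in value.split():
        vendor, sep, product = entry.partition(":")
        pairs.append((vendor, product) if sep else (None, vendor))
    return pairs


def matching_cpes(cve_product, cpes):
    """CPE names that a given CVE_PRODUCT setting would select."""
    wanted = parse_cve_product(cve_product)
    hits = []
    for cpe in cpes:
        vendor, product = parse_cpe(cpe)
        if any(p == product and v in (None, vendor) for v, p in wanted):
            hits.append(cpe)
    return hits


def vendors_for(product, cpes):
    """Vendor names a product appears under, to help pick the right prefix."""
    return sorted({v for v, p in map(parse_cpe, cpes) if p == product})


if __name__ == "__main__":
    print(matching_cpes("flex", SAMPLE_CPES))               # name collision
    print(matching_cpes("flex_project:flex", SAMPLE_CPES))  # vendor pinned
    print(vendors_for("flex", SAMPLE_CPES))
```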
