From: Himanshu Jadon <[email protected]> `CVE_PRODUCT` has been set to `linuxfoundation:containerd` to align with the product naming defined in the NVD CPE database for `containerd`.
Only a single CPE entry exists in the NVD for this product: `cpe:2.3:a:linuxfoundation:containerd` The NVD references for this CPE confirm that it corresponds to the source code used in our recipe. Signed-off-by: Himanshu Jadon <[email protected]> --- recipes-containers/containerd/containerd_git.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/recipes-containers/containerd/containerd_git.bb b/recipes-containers/containerd/containerd_git.bb index d69518d4..51d7c2e2 100644 --- a/recipes-containers/containerd/containerd_git.bb +++ b/recipes-containers/containerd/containerd_git.bb @@ -105,3 +105,6 @@ RDEPENDS:${PN} += " ${VIRTUAL-RUNTIME_container_runtime}" ## configured in the distro, since we may have collisions. CNI_NETWORKING_FILES ?= "${UNPACKDIR}/cni-containerd-net.conflist" inherit cni_networking + +# Add CVE_PRODUCT to match the NVD CPE product name +CVE_PRODUCT = "linuxfoundation:containerd" -- 2.35.6
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#9676): https://lists.yoctoproject.org/g/meta-virtualization/message/9676 Mute This Topic: https://lists.yoctoproject.org/mt/118532463/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
