* [OE-core] [master] [PATCH v2] apt: Add CVE_PRODUCT to support product name
[not found] <e225fccde9314e31a8efa5a171afa97780f67332.camel@...>
@ 2026-04-23 6:11 ` Himanshu Jadon -X (hjadon - E INFOCHIPS PRIVATE LIMITED at Cisco)
0 siblings, 0 replies; only message in thread
From: Himanshu Jadon -X (hjadon - E INFOCHIPS PRIVATE LIMITED at Cisco) @ 2026-04-23 6:11 UTC (permalink / raw)
To: openembedded-core; +Cc: vchavda
From: Himanshu Jadon <hjadon@cisco.com>
- Keep both the older deprecated debian:apt alias and the active
debian:advanced_package_tool identity in CVE_PRODUCT.
- This preserves completeness and avoids missing CVEs in case older
aliases are still used in NVD records.
Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
---
Changes in v2:
- keep deprecated debian:apt alias alongside debian:advanced_package_tool
- update rationale to retain both CPEs for completeness
meta/recipes-devtools/apt/apt_3.0.3.bb | 3 +++
1 file changed, 3 insertions(+)
diff --git a/meta/recipes-devtools/apt/apt_3.0.3.bb b/meta/recipes-devtools/apt/apt_3.0.3.bb
index d2dfe48e9a..871564baea 100644
--- a/meta/recipes-devtools/apt/apt_3.0.3.bb
+++ b/meta/recipes-devtools/apt/apt_3.0.3.bb
@@ -148,3 +148,6 @@ do_install:append() {
# Avoid non-reproducible -src package
sed -i -e "s,${B}/include/,,g" ${B}/apt-pkg/tagfile-keys.cc
}
+
+# Add CVE_PRODUCT to match the NVD CPE product name
+CVE_PRODUCT = "debian:apt debian:advanced_package_tool"
--
2.35.6
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2026-04-23 6:11 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
[not found] <e225fccde9314e31a8efa5a171afa97780f67332.camel@...>
2026-04-23 6:11 ` [OE-core] [master] [PATCH v2] apt: Add CVE_PRODUCT to support product name Himanshu Jadon -X (hjadon - E INFOCHIPS PRIVATE LIMITED at Cisco)
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox