[yocto] cve-checker tool
Burton, Ross
ross.burton at intel.com
Wed Dec 7 08:14:34 PST 2016
On 7 December 2016 at 14:58, Mariano Lopez <mariano.lopez at linux.intel.com>
wrote:
> > Those CVEs which are listed in the nvd.xml file under
> "cpe:/a:haxx:libcurl: are not detected and reported by cve-check tool.
>
> In the case of libcurl, it is build using the curl recipe, and currently
> cve-check class will look for BPN, so it won't check against libcurl.
> Can you open a bug for this?
>
A fix for this is trivial but we need a variable name. Any objections or
better suggestions to CVE_PRODUCT?
Ross
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.yoctoproject.org/pipermail/yocto/attachments/20161207/117b5875/attachment.html>
More information about the yocto
mailing list