Re: cve-checker name collisions


Mikko Rapeli
 

Hi,

On Fri, Jan 24, 2020 at 11:02:02AM +0200, Anders Montonen wrote:
Hi,

What's the best way for handling name collisions when using the cve-checker
tool? For example, there's a ton of Adobe Flex vulnerabilities that are
reported against the Flex lexical analyzer generator tool. Whitelisting the
individual CVEs would be one option, but the list is pretty long.
Set CVE_PRODUCT to match real NVD product name with possibly vendor too.

There are a few examples in poky master.

Cheers,

-Mikko

Regards,
Anders Montonen

Join yocto@lists.yoctoproject.org to automatically receive all group messages.