Re: cve-checker name collisions


Ross Burton
 

On 24/01/2020 09:02, Anders Montonen wrote:
> Hi,
> What's the best way for handling name collisions when using the cve-checker tool? For example, there's a ton of Adobe Flex vulnerabilities that are reported against the Flex lexical analyzer generator tool. Whitelisting the individual CVEs would be one option, but the list is pretty long.

Set CVE_PRODUCT, if you use a colon then you can set the vendor too.

This specific instance is already fixed in oe-core master:

# Not Apache Flex, or Adobe Flex, or IBM Flex.
CVE_PRODUCT = "flex_project:flex"

Ross
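
An added illustration, not part of the original message and not the cve-check code from oe-core, of why the vendor prefix in CVE_PRODUCT removes the collision. The table layout, the vendor strings other than flex_project, the CVE ids and the matching rule are constructed assumptions that model a product-name lookup with an optional vendor filter.

```python
import sqlite3

# Constructed sample rows (CVE id, vendor, product). The ids are placeholders,
# not real CVEs; every vendor here is assumed to publish a product named "flex".
SAMPLE_ROWS = [
    ("CVE-0000-0001", "adobe", "flex"),
    ("CVE-0000-0002", "apache", "flex"),
    ("CVE-0000-0003", "ibm", "flex"),
    ("CVE-0000-0004", "flex_project", "flex"),
    ("CVE-0000-0005", "flex_project", "flex"),
]

def build_db(rows=SAMPLE_ROWS):
    """Load the constructed rows into an in-memory database (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id TEXT, vendor TEXT, product TEXT)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)", rows)
    return db

def parse_cve_product(value):
    """Split a CVE_PRODUCT-style value into (vendor, product) pairs.

    An entry without a colon gets vendor None, meaning "any vendor".
    """
    pairs = []
    for entry in value.split():
        vendor, sep, product = entry.partition(":")
        pairs.append((vendor, product) if sep else (None, entry))
    return pairs

def matching_cves(db, cve_product):
    """Return the sorted CVE ids that the given CVE_PRODUCT value would select."""
    hits = set()
    for vendor, product in parse_cve_product(cve_product):
        if vendor is None:
            # Product name only: every vendor's "flex" collides.
            cur = db.execute("SELECT id FROM products WHERE product = ?", (product,))
        else:
            # vendor:product narrows the lookup to a single vendor.
            cur = db.execute(
                "SELECT id FROM products WHERE product = ? AND vendor = ?",
                (product, vendor))
        hits.update(row[0] for row in cur)
    return sorted(hits)

if __name__ == "__main__":
    db = build_db()
    print("flex              ->", matching_cves(db, "flex"))
    print("flex_project:flex ->", matching_cves(db, "flex_project:flex"))
```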
