cve_check: Fix cpe_id generation

Use "*" (wildcard) instead of "a" (application)in cpe_id generation, as the product is not necessarily of type application, e.g. linux_kernel, which is of type "o" (operating system). (From OE-Core rev: cae9528b002c06143bf048b991b9d7e93968cb6b) (From OE-Core rev: e7c1def3c3c3a72249802ef6fb64292277a7a53e) Signed-off-by: Jasper Orschulko <jasper@fancydomain.eu> Signed-off-by: Luca Ceresoli <luca.ceresoli@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-27 03:32:12 +02:00 · 2023-08-21 14:02:30 +02:00
parent bedbda8561
commit 92983dba65
1 changed files with 1 additions and 1 deletions
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -156,7 +156,7 @@ def get_cpe_ids(cve_product, version):
        else:
            vendor = "*"

-        cpe_id = 'cpe:2.3:a:{}:{}:{}:*:*:*:*:*:*:*'.format(vendor, product, version)
+        cpe_id = 'cpe:2.3:*:{}:{}:{}:*:*:*:*:*:*:*'.format(vendor, product, version)
        cpe_ids.append(cpe_id)

    return cpe_ids