From a2c9f142edac448cb1641d8edaa147b6e3d9d7f9 Mon Sep 17 00:00:00 2001
From: Het Patel <hetpat@cisco.com>
Date: Thu, 8 Aug 2024 22:57:00 -0700
Subject: [PATCH] zlib: Add CVE_PRODUCT to exclude false positives

To avoid false positives (such as CVE-2023-6992, cloudflare:zlib), add a
CVE_PRODUCT to identify the vendors that have been used.

Removing the present existing CVE_STATUS for CVE-2023-6992.

(From OE-Core rev: 85427d225416b3b12bf05513c9427370309b2127)

Signed-off-by: Het Patel <hetpat@cisco.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 119b775b36dfd51286493763cffb6e965893b8fd)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---
 meta/recipes-core/zlib/zlib_1.3.1.bb | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/meta/recipes-core/zlib/zlib_1.3.1.bb b/meta/recipes-core/zlib/zlib_1.3.1.bb
index e6a81ef789..486431dfff 100644
--- a/meta/recipes-core/zlib/zlib_1.3.1.bb
+++ b/meta/recipes-core/zlib/zlib_1.3.1.bb
@@ -47,4 +47,6 @@ do_install_ptest() {
 BBCLASSEXTEND = "native nativesdk"
 
 CVE_STATUS[CVE-2023-45853] = "not-applicable-config: we don't build minizip"
-CVE_STATUS[CVE-2023-6992] = "cpe-incorrect: this CVE is for cloudflare zlib"
+
+# Adding 'CVE_PRODUCT' to avoid false detection of CVEs
+CVE_PRODUCT = "zlib:zlib gnu:zlib"