go: set vendor in CVE_PRODUCT - linux/poky.git - Mirror of git.yoctoproject.org/poky

diff options

author	Ross Burton <ross.burton@arm.com>	2023-12-11 13:49:46 +0000
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2023-12-13 11:34:27 +0000
commit	7cf0c30096913f977c1bd0d7e2b167cac6b93aec (patch)
tree	020c0f3ca613149abc6ee59c8a6d0b17ae0785c9 /scripts/lib/devtool/sdk.py
parent	f32178a2465ad59ec1618f57d2afd2fa9f366710 (diff)
download	poky-7cf0c30096913f977c1bd0d7e2b167cac6b93aec.tar.gz

go: set vendor in CVE_PRODUCT

It's not uncommon for specific third party modules to use "go" as the product[1]. However, the canonical CPE for the official Go language/runtime is always golang:go[2], so use that explicitly. [1] e.g. https://nvd.nist.gov/vuln/detail/CVE-2023-49292 [2] e.g. https://nvd.nist.gov/vuln/detail/CVE-2023-39320 (From OE-Core rev: fc3e9cce9e1a5aa5dc9a5ad4abdd4eb61f868d37) Signed-off-by: Ross Burton <ross.burton@arm.com> Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'scripts/lib/devtool/sdk.py')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: