cvelistV5 has wrong CPE:
* "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*"
The CVE is actually for golang-google-protobuf as links in the CVE
report prove:
* https://pkg.go.dev/vuln/GO-2024-2611
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
CVE_PRODUCT = "golang:go"
CVE_STATUS[CVE-2024-3566] = "not-applicable-platform: Issue only applies on Windows"
+CVE_STATUS[CVE-2024-24786] = "cpe-incorrect: this CVE is for golang-google-protobuf"
S = "${UNPACKDIR}/go"
# all recipe variants are created from the same product
CVE_PRODUCT = "golang:go"
CVE_STATUS[CVE-2024-3566] = "not-applicable-platform: Issue only applies on Windows"
+CVE_STATUS[CVE-2024-24786] = "cpe-incorrect: this CVE is for golang-google-protobuf"
INHIBIT_PACKAGE_DEBUG_SPLIT = "1"
SSTATE_SCAN_CMD = "true"
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
