| Message ID | mailman.48547.1671559514.4154159.openwrt-devel@lists.openwrt.org |
|---|---|
| State | Accepted |
| Delegated to: | Daniel Golle |
| Headers | show |
| Series | [1/2] trusted-firmware-a.mk: use correct CPE ID | expand |
diff --git a/include/trusted-firmware-a.mk b/include/trusted-firmware-a.mk index 0b37c0f943..082ada269c 100644 --- a/include/trusted-firmware-a.mk +++ b/include/trusted-firmware-a.mk @@ -1,5 +1,5 @@ PKG_NAME ?= trusted-firmware-a -PKG_CPE_ID ?= cpe:/a:arm:arm_trusted_firmware +PKG_CPE_ID ?= cpe:/a:arm:trusted_firmware-a ifndef PKG_SOURCE_PROTO PKG_SOURCE = trusted-firmware-a-$(PKG_VERSION).tar.gz
The sender domain has a DMARC Reject/Quarantine policy which disallows sending mailing list messages using the original "From" header. To mitigate this problem, the original message has been wrapped automatically by the mailing list software. There are 2 different CPE IDs on the NVD website: cpe:/a:arm:trusted_firmware-a cpe:/o:arm:arm_trusted_firmware The ID as currently used in trusted-firmware-a.mk does not exist. The CPE ID using the arm_trusted_firmware product name only lists a few records for versions 2.2 and 2.3 on the NVD site. The CPE ID using the trusted_firmware-a product name lists many more records, and actually has a CVE linked to it. Therefore, use the CPE ID using the trusted_firmware-a product name. Fixes: 104d60fe94ce ("trusted-firmware-a.mk: add PKG_CPE_ID") Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be> --- include/trusted-firmware-a.mk | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)