[PATCH 1/2] trusted-firmware-a.mk: use correct CPE ID
stijn at linux-ipv6.be
stijn at linux-ipv6.be
Tue Dec 20 10:04:53 PST 2022
There are 2 different CPE IDs on the NVD website:
cpe:/a:arm:trusted_firmware-a
cpe:/o:arm:arm_trusted_firmware
The ID as currently used in trusted-firmware-a.mk does not exist. The
CPE ID using the arm_trusted_firmware product name only lists a few
records for versions 2.2 and 2.3 on the NVD site. The CPE ID using the
trusted_firmware-a product name lists many more records, and actually
has a CVE linked to it. Therefore, use the CPE ID using the
trusted_firmware-a product name.
Fixes: 104d60fe94ce ("trusted-firmware-a.mk: add PKG_CPE_ID")
Signed-off-by: Stijn Tintel <stijn at linux-ipv6.be>
---
include/trusted-firmware-a.mk | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/include/trusted-firmware-a.mk b/include/trusted-firmware-a.mk
index 0b37c0f943..082ada269c 100644
--- a/include/trusted-firmware-a.mk
+++ b/include/trusted-firmware-a.mk
@@ -1,5 +1,5 @@
PKG_NAME ?= trusted-firmware-a
-PKG_CPE_ID ?= cpe:/a:arm:arm_trusted_firmware
+PKG_CPE_ID ?= cpe:/a:arm:trusted_firmware-a
ifndef PKG_SOURCE_PROTO
PKG_SOURCE = trusted-firmware-a-$(PKG_VERSION).tar.gz
--
2.38.2
More information about the openwrt-devel
mailing list