[Buildroot] Adding new products in the CPE database ?
Thomas Petazzoni
thomas.petazzoni at bootlin.com
Mon Oct 4 07:49:15 UTC 2021
Hello Matt,
I was wondering what was the process to add a new product in the CPE
database.
Indeed, I was investigating
https://security-tracker.debian.org/tracker/CVE-2011-3332, which is
affecting our "argus" package.
However CVE-2011-3332 affects the Argus product from Iceni, a PDF
extracting tool at https://www.iceni.com/legacy.htm.
This is completely different than the Argus package we have, which is
https://openargus.org/.
The NVD CPE database has several Argus products known:
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=argus.
From Iceni, from Oracle, from Litronic. But none of them correspond to
the Argus that we have packaged.
So I guess we need to tell the NVD people to add an entry in the CPE
database for this other Argus product, so that we can then amend our
argus.mk package with the appropriate CPE ID information.
Thanks for your feedback!
Thomas
--
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
More information about the buildroot
mailing list