[Buildroot] Adding new products in the CPE database ?

Arnout Vandecappelle arnout at mind.be
Tue Oct 5 19:01:28 UTC 2021



On 04/10/2021 09:49, Thomas Petazzoni wrote:
> Hello Matt,
> 
> I was wondering what was the process to add a new product in the CPE
> database.
> 
> Indeed, I was investigating
> https://security-tracker.debian.org/tracker/CVE-2011-3332, which is
> affecting our "argus" package.
> 
> However CVE-2011-3332 affects the Argus product from Iceni, a PDF
> extracting tool at https://www.iceni.com/legacy.htm.
> 
> This is completely different than the Argus package we have, which is
> https://openargus.org/.
> 
> The NVD CPE database has several Argus products known:
> https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=argus.
>  From Iceni, from Oracle, from Litronic. But none of them correspond to
> the Argus that we have packaged.
> 
> So I guess we need to tell the NVD people to add an entry in the CPE
> database for this other Argus product, so that we can then amend our
> argus.mk package with the appropriate CPE ID information.

  I believe it's simply sending mail to cpe_dictionary at nist.gov. From [1]:


"Organizations interested in submitting CPE Names should contact the NVD CPE 
team at cpe_dictionary at nist.gov for help with the processing of their 
submission."


  Regards,
  Arnout


[1] https://nvd.nist.gov/products/cpe


More information about the buildroot mailing list