ref-manual: add mention of vendor filtering to CVE_PRODUCT

Mention the vendor filtering functionality - prompted by OE-Core revision 45d1a0bea0c628f84a00d641a4d323491988106f. (From yocto-docs rev: 13ff5a49f14a26772b4775d9ecd08627e6becd4d) Signed-off-by: Paul Eggleton <paul.eggleton@microsoft.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Paul Eggleton <paul.eggleton@microsoft.com> 2022-04-21 18:40:37 -0700
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2022-04-25 15:22:12 +0100
commit: b3f040b4a53fb12a9493b0ef73c3575c3f5d1e09 (patch)
tree: 9e416905cfaf8ae3d1e2bb8f72c6f0629084e3a4 /documentation
parent: 8da30555672064b6d3e1d0466b4919d9db59c791 (diff)
download: poky-b3f040b4a53fb12a9493b0ef73c3575c3f5d1e09.tar.gz
1 files changed, 7 insertions, 0 deletions
diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst
index 47ea316395..4e90f03ca3 100644
--- a/documentation/ref-manual/variables.rst
+++ b/documentation/ref-manual/variables.rst
@@ -1485,6 +1485,13 @@ system and gives an overview of their function and contents.
         CVE_PRODUCT = "oracle_berkeley_db berkeley_db"
+      Sometimes the product name is not specific enough, for example
+      "tar" has been matching CVEs for the GNU ``tar`` package and also
+      the ``node-tar`` node.js extension. To avoid this problem, use the
+      vendor name as a prefix. The syntax for this is::
+         CVE_PRODUCT = "vendor:package"
   :term:`CVSDIR`
      The directory in which files checked out under the CVS system are
      stored.
author	Paul Eggleton <paul.eggleton@microsoft.com>	2022-04-21 18:40:37 -0700
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2022-04-25 15:22:12 +0100
commit	b3f040b4a53fb12a9493b0ef73c3575c3f5d1e09 (patch)
tree	9e416905cfaf8ae3d1e2bb8f72c6f0629084e3a4 /documentation
parent	8da30555672064b6d3e1d0466b4919d9db59c791 (diff)
download	poky-b3f040b4a53fb12a9493b0ef73c3575c3f5d1e09.tar.gz

diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst index 47ea316395..4e90f03ca3 100644 --- a/documentation/ref-manual/variables.rst +++ b/documentation/ref-manual/variables.rst
@@ -1485,6 +1485,13 @@ system and gives an overview of their function and contents.
1485		1485
1486	CVE_PRODUCT = "oracle_berkeley_db berkeley_db"	1486	CVE_PRODUCT = "oracle_berkeley_db berkeley_db"
1487		1487
		1488	Sometimes the product name is not specific enough, for example
		1489	"tar" has been matching CVEs for the GNU ``tar`` package and also
		1490	the ``node-tar`` node.js extension. To avoid this problem, use the
		1491	vendor name as a prefix. The syntax for this is::
		1492
		1493	CVE_PRODUCT = "vendor:package"
		1494
1488	:term:`CVSDIR`	1495	:term:`CVSDIR`
1489	The directory in which files checked out under the CVS system are	1496	The directory in which files checked out under the CVS system are
1490	stored.	1497	stored.