package/sox: add SOX_CPE_ID_VERSION

All ignore CVE entries of the sox package are considered stale because
SOX_VERSION is a Git commit and therefore the version matching logic
doesn't do the right thing.

This commit sets SOX_CPE_ID_VERSION to 14.4.2, which is the closest
upstream version on which we are based: our Git commit is 14.4.2 plus
a number of commits that fix a large number of CVEs.

Thanks to this change, the ignore CVE entries are no longer stale.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Signed-off-by: Julien Olivain <ju.o@free.fr>

package/sox/sox.mk

@@ -12,6 +12,8 @@ SOX_LICENSE = GPL-2.0+ (sox binary), LGPL-2.1+ (libraries)
 SOX_LICENSE_FILES = LICENSE.GPL LICENSE.LGPL
 SOX_CPE_ID_VENDOR = sound_exchange_project
 SOX_CPE_ID_PRODUCT = sound_exchange
+# The Git commit in SOX_VERSION is 14.4.2 + a large number of commits
+SOX_CPE_ID_VERSION = 14.4.2
 # From git and we're patching configure.ac
 SOX_AUTORECONF = YES
 SOX_AUTORECONF_OPTS = --include=$(HOST_DIR)/share/autoconf-archive