package/mpd: update CPE/CVE information

Since 01/2023, MPD has an entry in the NIST database [1]. Add vendor amd product IDs [2] to mpd.mk and remove the now obsolete IGNORE_CVES entry. [1] https://nvd.nist.gov/vuln/detail/CVE-2022-46449 [2] https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&keyword=musicpd Signed-off-by: Andreas Ziegler <br015@umbiko.net> Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2025-05-08 14:32:05 +02:00
parent 317260f336
commit 9d4b7116cf
1 changed files with 4 additions and 2 deletions
--- a/package/mpd/mpd.mk
+++ b/package/mpd/mpd.mk
@@ -11,8 +11,10 @@ MPD_SITE = https://www.musicpd.org/download/mpd/$(MPD_VERSION_MAJOR)
 MPD_DEPENDENCIES = host-pkgconf fmt
 MPD_LICENSE = GPL-2.0+
 MPD_LICENSE_FILES = COPYING
-# these refer to the FreeBSD PPP daemon
-MPD_IGNORE_CVES = CVE-2020-7465 CVE-2020-7466
+
+MPD_CPE_ID_VENDOR = musicpd
+MPD_CPE_ID_PRODUCT = music_player_demon
+
 MPD_SELINUX_MODULES = mpd
 MPD_CONF_OPTS = \
 	-Daudiofile=disabled \