commit 0c14bdcec9bcf46d51127cc1948bd1c10271f006
author Lei Zhang <thestig@chromium.org> Fri Aug 28 01:27:20 2020 +0000
committer Chromium commit bot <commit-bot@chromium.org> Fri Aug 28 01:27:20 2020 +0000
tree 4c4e2ce613f6ebd60737bc417a5cb69f10288c6f
parent a93f962783ed4fb0ed3f220f391042679eb17742

Add CPEs for libpng and freetype.

CPEs are the way that MITRE tracks different projects and versions, and
that's the input required by Vomit, Google's automated vulnerability
notification system. At present Vomit is unable to identify the versions
for these components and is therefore reporting the wrong CVEs in crbugs.

Adding these CPEPrefix lines will enable Vomit to notify for any
vulnerabilities affecting these versions.

This is copied from https://crrev.com/746237 and other related CLs.

Change-Id: I0f04446763510ca4cc85746adb410ae9f3f4e135
Reviewed-on: https://pdfium-review.googlesource.com/c/pdfium/+/73191
Reviewed-by: Tom Sepez <tsepez@chromium.org>
Commit-Queue: Lei Zhang <thestig@chromium.org>

third_party/freetype/README.pdfium

diff --git a/third_party/freetype/README.pdfium b/third_party/freetype/README.pdfium
index 461c194..1a26701 100644
--- a/third_party/freetype/README.pdfium
+++ b/third_party/freetype/README.pdfium
@@ -1,6 +1,7 @@
 Name: FreeType
 URL: http://www.freetype.org/
 Version: VER-2-10-2-48
+cpe:/a:freetype:freetype:2.10.1
 Revision: 986a340dd52825ceaa142ae19473de0ee52d57f2
 Security Critical: yes
 License: FreeType License (FTL)

third_party/libpng16/README.pdfium

diff --git a/third_party/libpng16/README.pdfium b/third_party/libpng16/README.pdfium
index 0d9c30c..a4bcb63 100644
--- a/third_party/libpng16/README.pdfium
+++ b/third_party/libpng16/README.pdfium
@@ -1,6 +1,7 @@
 Name: libpng
 URL: http://libpng.org/
 Version: 1.6.37
+CPEPrefix: cpe:/a:libpng:libpng:1.6.37
 Security Critical: yes
 License: libpng license
 License Android Compatible: yes