From 1aee6a403c1901bc7ae793a2f4581b3cdbd95c1d Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Thu, 25 Dec 2025 14:15:12 +0100
Subject: [PATCH] smarty: extend CVE_PRODUCT

Some CVEs assign smarty-php as the vendor to the corresponding CPE.
E.g CVE-2024-35226[1] is tracked with smarty-php:smarty by mitre
(NVD tracks it without CPE).

[1]: https://cveawg.mitre.org/api/cve/CVE-2024-35226

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta-oe/recipes-support/smarty/smarty_5.7.0.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-oe/recipes-support/smarty/smarty_5.7.0.bb b/meta-oe/recipes-support/smarty/smarty_5.7.0.bb
index e7281a30b5..1d21c7eedf 100644
--- a/meta-oe/recipes-support/smarty/smarty_5.7.0.bb
+++ b/meta-oe/recipes-support/smarty/smarty_5.7.0.bb
@@ -34,4 +34,4 @@ FILES:${PN} += "${datadir}/php/smarty3/"
 
 RDEPENDS:${PN} = "php"
 
-CVE_PRODUCT = "smarty:smarty"
+CVE_PRODUCT = "smarty:smarty smarty-php:smarty"