From ab85e58b9164178a0bb95354649468c10f1f3ffa Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Mon, 12 Jan 2026 14:00:01 +0100
Subject: [PATCH] xerces-c: set CVE_PRODUCT

The related CVEs are tracked with "xerces-c\+\+" (sic).

See CVE db query:
sqlite> select vendor, product, count(*) from PRODUCTs where product like '%xerces%' group by 1, 2;
apache|xerces-c\+\+|29
apache|xerces-j|2
apache|xerces2_java|3
redhat|xerces|3

Set CVE_PRODUCT accordingly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 29a272744a314564035ec4a337704eb6d31e879e)
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-oe/recipes-devtools/xerces-c/xerces-c_3.2.5.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-oe/recipes-devtools/xerces-c/xerces-c_3.2.5.bb b/meta-oe/recipes-devtools/xerces-c/xerces-c_3.2.5.bb
index 9fd7e8fbab..e6c08f488f 100644
--- a/meta-oe/recipes-devtools/xerces-c/xerces-c_3.2.5.bb
+++ b/meta-oe/recipes-devtools/xerces-c/xerces-c_3.2.5.bb
@@ -9,6 +9,8 @@ SECTION =  "libs"
 LICENSE = "Apache-2.0"
 LIC_FILES_CHKSUM = "file://LICENSE;md5=3b83ef96387f14655fc854ddc3c6bd57"
 
+CVE_PRODUCT = "xerces-c\+\+"
+
 SRC_URI = "http://archive.apache.org/dist/xerces/c/3/sources/${BP}.tar.bz2 \
     file://0001-aclocal.m4-don-t-use-full-path-of-with_curl-in-xerce.patch \
 "