From 6d1c5be67bb220b03278cf44eb8192a7e9b5abf5 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Mon, 19 Jan 2026 21:27:37 +1300
Subject: [PATCH] smarty: extend CVE_PRODUCT

Some CVEs assign smarty-php as the vendor to the corresponding CPE.
E.g CVE-2024-35226[1] is tracked with smarty-php:smarty by mitre
(NVD tracks it without CPE).

[1]: https://cveawg.mitre.org/api/cve/CVE-2024-35226

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 1aee6a403c1901bc7ae793a2f4581b3cdbd95c1d)
Signed-off-by: Ankur Tyagi <ankur.tyagi85@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-oe/recipes-support/smarty/smarty_5.6.0.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta-oe/recipes-support/smarty/smarty_5.6.0.bb b/meta-oe/recipes-support/smarty/smarty_5.6.0.bb
index 88afc55c15..56b239e9c7 100644
--- a/meta-oe/recipes-support/smarty/smarty_5.6.0.bb
+++ b/meta-oe/recipes-support/smarty/smarty_5.6.0.bb
@@ -34,4 +34,4 @@ FILES:${PN} += "${datadir}/php/smarty3/"
 
 RDEPENDS:${PN} = "php"
 
-CVE_PRODUCT = "smarty:smarty"
+CVE_PRODUCT = "smarty:smarty smarty-php:smarty"