[OE-core] [PATCH 0/3] Add initial capability to check CVEs for recipes

Mikko.Rapeli at bmw.de Mikko.Rapeli at bmw.de
Thu Feb 25 14:09:42 UTC 2016


For openssh there must be some bugs or tunings needed to match the version
numbers used in CVEs to the ones in Yocto. openssh-6.6p1 has zero matches
with the check, but I think there are several:

downloads/CVE_CHECK$ grep openssh *xml| grep 6\.6\:p1
nvdcve-2.0-2016.xml:        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.6:p1"/>
nvdcve-2.0-2016.xml:      <vuln:product>cpe:/a:openbsd:openssh:6.6:p1</vuln:product>
nvdcve-2.0-2016.xml:        <cpe-lang:fact-ref name="cpe:/a:openbsd:openssh:6.6:p1"/>
nvdcve-2.0-2016.xml:      <vuln:product>cpe:/a:openbsd:openssh:6.6:p1</vuln:product>

How should these tunings be made?

-Mikko
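
An added example, not part of the original message or of the patch series: one way a recipe version such as 6.6p1 can be split so that it lines up with the separate version and update fields of the CPE names in the grep output above. The function names, the sample list and the "pN" suffix rule are assumptions made for illustration.

```python
import re

# Constructed sample: CPE 2.2 URIs in the form shown in the grep output above.
SAMPLE_CPES = [
    "cpe:/a:openbsd:openssh:6.6:p1",
    "cpe:/a:openbsd:openssh:6.6",
    "cpe:/a:openbsd:openssh:6.5:p1",
]

def parse_cpe22(uri):
    """Split a CPE 2.2 URI into (vendor, product, version, update)."""
    if not uri.startswith("cpe:/"):
        raise ValueError("not a CPE 2.2 URI: %r" % uri)
    fields = uri[len("cpe:/"):].split(":")
    fields += [""] * (5 - len(fields))      # absent trailing fields are empty
    _part, vendor, product, version, update = fields[:5]
    return vendor, product, version, update

def split_recipe_version(pv):
    """Assumed mapping: '6.6p1' -> ('6.6', 'p1'); '6.6' -> ('6.6', '')."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(p\d+)?", pv)
    if not m:
        raise ValueError("unrecognised version: %r" % pv)
    return m.group(1), m.group(2) or ""

def matching_cpes(product, pv, cpes):
    """Return the CPE URIs that name this product at exactly this version."""
    want = split_recipe_version(pv)
    hits = []
    for uri in cpes:
        _vendor, cpe_product, version, update = parse_cpe22(uri)
        if cpe_product == product and (version, update) == want:
            hits.append(uri)
    return hits

def naive_matches(product, pv, cpes):
    """Literal comparison of the recipe version with the CPE version field."""
    return [u for u in cpes if parse_cpe22(u)[1:3] == (product, pv)]

if __name__ == "__main__":
    print("literal compare:", naive_matches("openssh", "6.6p1", SAMPLE_CPES))
    print("split compare:  ", matching_cpes("openssh", "6.6p1", SAMPLE_CPES))
```

The literal comparison finds nothing because the CPE name carries "p1" in its update field rather than in the version field.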

