fix: fix xerces CPE ID

apache:xerces-c has been deprecated in favor of apache-xerces-c\+\+ since February 2023: <cpe-item name="cpe:/a:apache:xerces-c:3.1.1" deprecated="true" deprecation_date="2023-02-05T21:10:01.860Z"> <reference href="https://marc.info/?l=xerces-c-users&m=157653840106914&w=2">Advisory</reference> <reference href="https://xerces.apache.org/xerces-c/releases_archive.html">Version</reference> <cpe-23:cpe23-item name="cpe:2.3:a:apache:xerces-c:3.1.1:*:*:*:*:*:*:*"> <cpe-23:deprecated-by name="cpe:2.3:a:apache:xerces-c\+\+:3.1.1:*:*:*:*:*:*:*" type="NAME_CORRECTION"/> Signed-off-by: Fabrice Fontaine <[email protected]>
ffontaine · Apr 21, 2023 · 84f3c4b · 84f3c4b
1 parent 54da5b0
commit 84f3c4b
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/cve_bin_tool/checkers/xerces.py b/cve_bin_tool/checkers/xerces.py
@@ -6,7 +6,7 @@
 CVE checker for libxerces
 
 References:
-http://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-4103/Apache-Xerces-c-.html
+https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=2.3&keyword=cpe%3A2.3%3Aa%3Aapache%3Axerces-c%5C%2B%5C%2B&status=FINAL
 
 RSS feed: http://www.cvedetails.com/vulnerability-feed.php?vendor_id=45&product_id=4103&version_id=&orderby=2&cvssscoremin=0
 """
@@ -20,4 +20,4 @@ class XercesChecker(Checker):
         r"\/xerces-c-src_([0-9]+_[0-9]+_[0-9]+)\/",
         r"xercesc_([0-9]+\_[0-9]+):",
     ]
-    VENDOR_PRODUCT = [("apache", "xerces-c")]
+    VENDOR_PRODUCT = [("apache", "xerces-c\+\+")]