utils/beep: assign PKG_CPE_ID

[ffontaine]

cpe:/a:beep_project:beep is the correct CPE ID for beep: https://nvd.nist.gov/products/cpe/search/results?keyword=cpe:2.3:a:beep_project:beep

Maintainer: @riptidewave93

[feckert]

That is not correct. We pull the changes from https://github.com/spkr-beep/beep
But the cpe links to https://github.com/johnath/beep as mentioned in https://nvd.nist.gov/products/cpe/detail/2E4424D5-A1A3-4347-8835-3E74FE700296?namingFormat=2.3&orderBy=CPEURI&keyword=cpe%3A2.3%3Aa%3Aapparmor%3Aapparmor&status=FINAL

[ffontaine]

spkr-beep is indeed a fork of https://github.com/johnath/beep as clearly stated in README.md:

This version of beep has been forked from Johnathan Nightingales' original beep when johnath/beep#11 required fixes in 2018, while Johnathan Nightingales' github.com/johnath/beep/ and johnath.com/beep/ was only maintained from around 2000 until around 2013.

The spkr-beep fixes two CVEs from the original beep (which is essentially no longer maintained). I believe it is still appropriate to use the beep_project:beep CPE ID since the code base remains the same and no new CPE has been assigned to the fork (as there have been no new CVEs since 2018).

[feckert]

Then we should mention this in the commit message. So you know why we don't use the original referenced in the CPE ID

[ffontaine]

OK, I'll update the PR