mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-05-08 05:09:24 +00:00
Code Issues Projects Releases Wiki Activity

cve-update-nvd2-native: Fix CVE configuration update

Browse Source 
When a CVE is created, it often has no precise version information and
this is stored as "-" (matching any version). After an update, version
information is added. The previous "-" must be removed, otherwise, the
CVE is still "Unpatched" for cve-check.

(From OE-Core rev: 38402b5e89d43bf2a45c8f5f2d631033be5019cd)

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 641ae3f36e09af9932dc33043a0a5fbfce62122e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Yoann Congal
2024-03-17 16:21:51 -10:00
committed by Steve Sakoman
parent ea0af985cb
commit ab504237a5
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
meta/recipes-core/meta/cve-update-nvd2-native.bb
+4
View File
@@ -352,6 +352,10 @@ def update_db(conn, elt):
[cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close()
try:
# Remove any pre-existing CVE configuration. Even for partial database
# update, those will be repopulated. This ensures that old
# configuration is not kept for an updated CVE.
conn.execute("delete from PRODUCTS where ID = ?", [cveId]).close()
for config in elt['cve']['configurations']:
# This is suboptimal as it doesn't handle AND/OR and negate, but is better than nothing
for node in config["nodes"]: