From df2436ba971feb5c312e0d2d657c65ce49241329 Mon Sep 17 00:00:00 2001
From: Peter Marko
Date: Sun, 27 Apr 2025 11:43:00 +0200
Subject: [PATCH] linux/cve-exclusion: correct fixed-version calculation
Current code takes the first version found as "fixed-version". That is not correct as it is almost always only the oldest backport. Fix it by unconditionally shift the assigmnet of variable "fixed" so that we take last instead of first version.
Cc: daniel.turull@ericsson.com
(From OE-Core rev: 68f8e58a249c8adef18e63f0841e8bfea16f354e)
Signed-off-by: Peter Marko
Signed-off-by: Richard Purdie
---
 meta/recipes-kernel/linux/generate-cve-exclusions.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/meta/recipes-kernel/linux/generate-cve-exclusions.py b/meta/recipes-kernel/linux/generate-cve-exclusions.py
index 82fb4264e3..5c85c0db88 100755
--- a/meta/recipes-kernel/linux/generate-cve-exclusions.py
+++ b/meta/recipes-kernel/linux/generate-cve-exclusions.py
@@ -67,10 +67,9 @@ def get_fixed_versions(cve_info, base_version):
 if not first_affected:
 first_affected = v
- fixed = less_than
+ fixed = less_than
 if base_version < v and v < next_version:
 first_affected = v
- fixed = less_than
 fixed_backport = less_than
 return first_affected, fixed, fixed_backport
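Review bot: The now-unconditional `fixed = less_than` keeps whichever entry the loop visits last, so the result depends on the order of the version entries in the CVE record rather than on the version values themselves. If the intent is the mainline fix, i.e. the highest `lessThan`, a comparison would make that explicit and order-independent: `if not fixed or fixed < less_than: fixed = less_than` (assuming `less_than` is comparable the way `v` is in `base_version < v`; its definition is outside the hunk). This matters for the generated exclusions because a fixed version that comes out too low could presumably mark a CVE as fixed for a kernel that still carries it. The body of `get_fixed_versions` starts above the hunk, so the initial value of `fixed` and any earlier assignments to it should be checked there.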