diff options
author | Yoann Congal <yoann.congal@smile.fr> | 2024-03-15 01:20:20 +0100 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2024-03-20 06:02:50 -1000 |
commit | 521775dcd52bbb2fa29e2fd6e4e18223341e41a5 (patch) | |
tree | 38ae55ed31758eda649408d4cc72f1e6335aca4f | |
parent | 11d9d02cf60444b034636aa2b59ea8438344293e (diff) | |
download | poky-521775dcd52bbb2fa29e2fd6e4e18223341e41a5.tar.gz |
cve-update-nvd2-native: Remove rejected CVE from database
When a CVE is updated to be rejected, matching database entries must be
removed. Otherwise:
* an incremental update is not equivalent the to an initial download.
* rejected CVEs might still appear as Unpatched in cve-check.
(From OE-Core rev: 5b17b563908206667a7d14f390bd9b2de897774c)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f276a980b8930b98e6c8f0e1a865d77dfcfe5085)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
-rw-r--r-- | meta/recipes-core/meta/cve-update-nvd2-native.bb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 4b8d01fe84..1901641965 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb | |||
@@ -324,6 +324,10 @@ def update_db(conn, elt): | |||
324 | vectorString = None | 324 | vectorString = None |
325 | cveId = elt['cve']['id'] | 325 | cveId = elt['cve']['id'] |
326 | if elt['cve']['vulnStatus'] == "Rejected": | 326 | if elt['cve']['vulnStatus'] == "Rejected": |
327 | c = conn.cursor() | ||
328 | c.execute("delete from PRODUCTS where ID = ?;", [cveId]) | ||
329 | c.execute("delete from NVD where ID = ?;", [cveId]) | ||
330 | c.close() | ||
327 | return | 331 | return |
328 | cveDesc = "" | 332 | cveDesc = "" |
329 | for desc in elt['cve']['descriptions']: | 333 | for desc in elt['cve']['descriptions']: |