cve-update-nvd2-native: Remove rejected CVE from database

When a CVE is updated to be rejected, matching database entries must be removed. Otherwise: * an incremental update is not equivalent the to an initial download. * rejected CVEs might still appear as Unpatched in cve-check. (From OE-Core rev: 5b17b563908206667a7d14f390bd9b2de897774c) Signed-off-by: Yoann Congal <yoann.congal@smile.fr> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit f276a980b8930b98e6c8f0e1a865d77dfcfe5085) Signed-off-by: Steve Sakoman <steve@sakoman.com>
author: Yoann Congal <yoann.congal@smile.fr> 2024-03-15 01:20:20 +0100
committer: Steve Sakoman <steve@sakoman.com> 2024-03-20 06:02:50 -1000
commit: 521775dcd52bbb2fa29e2fd6e4e18223341e41a5 (patch)
tree: 38ae55ed31758eda649408d4cc72f1e6335aca4f
parent: 11d9d02cf60444b034636aa2b59ea8438344293e (diff)
download: poky-521775dcd52bbb2fa29e2fd6e4e18223341e41a5.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 4b8d01fe84..1901641965 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -324,6 +324,10 @@ def update_db(conn, elt):
    vectorString = None
    cveId = elt['cve']['id']
    if elt['cve']['vulnStatus'] ==  "Rejected":
+        c = conn.cursor()
+        c.execute("delete from PRODUCTS where ID = ?;", [cveId])
+        c.execute("delete from NVD where ID = ?;", [cveId])
+        c.close()
        return
    cveDesc = ""
    for desc in elt['cve']['descriptions']:
author	Yoann Congal <yoann.congal@smile.fr>	2024-03-15 01:20:20 +0100
committer	Steve Sakoman <steve@sakoman.com>	2024-03-20 06:02:50 -1000
commit	521775dcd52bbb2fa29e2fd6e4e18223341e41a5 (patch)
tree	38ae55ed31758eda649408d4cc72f1e6335aca4f
parent	11d9d02cf60444b034636aa2b59ea8438344293e (diff)
download	poky-521775dcd52bbb2fa29e2fd6e4e18223341e41a5.tar.gz