cve-update-nvd2-native: fix cvssV3 metrics - linux/poky.git

diff options

author	Peter Marko <peter.marko@siemens.com>	2023-06-29 23:12:52 +0200
committer	Steve Sakoman <steve@sakoman.com>	2023-07-13 07:03:17 -1000
commit	5e9e50e5445cc64aad085a62abb260cc318817a9 (patch)
tree	48afd2cc67de861304f433d7217d45bd49f05bc7 /meta-skeleton
parent	60cd2c29eab24d046b08632497a37094e2794612 (diff)
download	poky-5e9e50e5445cc64aad085a62abb260cc318817a9.tar.gz

cve-update-nvd2-native: fix cvssV3 metrics

After upgrade to soon-to-be-released kirkstone 4.0.11 CVE annotations got broken. Anything which has only cvssV3 does not resolve properly. Fix the API fields used to extract it. i0.0 score is now at level of NVD DB 1.1. All CVEs with UNKNOWN vector are not present in NVD DB 1.1. NVD API 1.1: sqlite> select vector, count(vector) from nvd group by vector; ADJACENT_NETWORK|4776 LOCAL|32146 NETWORK|167746 PHYSICAL|185 sqlite> select scorev3, count(scorev3) from nvd group by scorev3; 0.0|73331 1.8|7 1.9|3 ... NVD API 2.0 (broken): sqlite> select vector, count(vector) from nvd group by vector; ADJACENT_NETWORK|4587 LOCAL|26273 NETWORK|150421 UNKNOWN|24644 sqlite> select scorev3, count(scorev3) from nvd group by scorev3; 0.0|205925 NVD API 2.0 (fixed): sqlite> select vector, count(vector) from nvd group by vector; ADJACENT_NETWORK|5090 LOCAL|32322 NETWORK|168004 PHYSICAL|213 UNKNOWN|511 sqlite> select scorev3, count(scorev3) from nvd group by scorev3; 0.0|73841 1.8|7 1.9|3 ... (From OE-Core rev: 2233a187dc0da833401297667c1e2ed6bf5627fd) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 61a5857efdcc0f49c69c0deb24fce99007aeef19) Signed-off-by: Steve Sakoman <steve@sakoman.com>

Diffstat (limited to 'meta-skeleton')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: