cve-check: Switch to NVD CVE JSON feed version 1.1

Switch to recently released version 1.1 of NVD CVE JSON feed, as in https://nvd.nist.gov/General/News/JSON-1-1-Vulnerability-Feed-Release it is mentioned that Due to changes required to support CVSS v3.1 scoring, the JSON vulnerability feeds must be modified. This will require the consumers of this data to update their internal processes. We will be providing the JSON 1.1 schema on the data feeds page and the information below to prepare for this transition. ... The JSON 1.1 data feeds will be available on September 9th, 2019. At that time the current JSON 1.0 data feeds will no longer available. This change was tested briefly by issuing 'bitbake core-image-minimal' with 'cve-check.bbclass' inherited via local.conf, and then comparing the content between the resulting two 'DEPLOY_DIR_IMAGE/core-image-minimal-qemux86.cve' files, which did not seem to contain any other change, except total of 167 entries like CVSS v3 BASE SCORE: 0.0 were replaced with similar 'CVSS v3 BASE SCORE:' entries which had scores that were greater than '0.0' (up to '9.8'). (From OE-Core rev: cc20e4d8ff2f3aa52a2658404af9a0ff358cc323) (From OE-Core rev: 72c22b8791707480c380f49305c6d394578b2a4b) Signed-off-by: Niko Mauno <niko.mauno@iki.fi> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit c92b8804d6e59b2707332859957f0e6a46db0a73) Signed-off-by: Armin Kuster <akuster808@gmail.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Niko Mauno <niko.mauno@iki.fi> 2019-12-14 14:15:05 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2020-01-16 22:38:53 +0000
commit: 8c7e02c9d1e1694d4dd690f91a90220b58cb912a (patch)
tree: 7ae83c7032d6d5a8b4d50f0d48f6161eb8374cfe /meta/classes
parent: c12415cc7ceee43653a70cbc4a8b5a6509f31fce (diff)
download: poky-8c7e02c9d1e1694d4dd690f91a90220b58cb912a.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass
index 19ed5548b3..01b3637469 100644
--- a/meta/classes/cve-check.bbclass
+++ b/meta/classes/cve-check.bbclass
@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
 CVE_VERSION ??= "${PV}"
 CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
-CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db"
+CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db"
 CVE_CHECK_LOG ?= "${T}/cve.log"
 CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"
author	Niko Mauno <niko.mauno@iki.fi>	2019-12-14 14:15:05 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2020-01-16 22:38:53 +0000
commit	8c7e02c9d1e1694d4dd690f91a90220b58cb912a (patch)
tree	7ae83c7032d6d5a8b4d50f0d48f6161eb8374cfe /meta/classes
parent	c12415cc7ceee43653a70cbc4a8b5a6509f31fce (diff)
download	poky-8c7e02c9d1e1694d4dd690f91a90220b58cb912a.tar.gz

diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 19ed5548b3..01b3637469 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass
@@ -26,7 +26,7 @@ CVE_PRODUCT ??= "${BPN}"
26	CVE_VERSION ??= "${PV}"	26	CVE_VERSION ??= "${PV}"
27		27
28	CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"	28	CVE_CHECK_DB_DIR ?= "${DL_DIR}/CVE_CHECK"
29	CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.0.db"	29	CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/nvdcve_1.1.db"
30		30
31	CVE_CHECK_LOG ?= "${T}/cve.log"	31	CVE_CHECK_LOG ?= "${T}/cve.log"
32	CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"	32	CVE_CHECK_TMP_FILE ?= "${TMPDIR}/cve_check"