cve-check: Consider CVE that affects versions with less than operator - linux/poky.git

diff options

author	Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>	2019-11-06 17:37:19 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-11-07 19:47:26 +0000
commit	8bc6c65d862c080bdb95405ed5aea528dbcc2315 (patch)
tree	778b547c10f24b8361672780f9680756c3eb0ee8 /meta/recipes-core/meta/cve-update-db.bb
parent	b409daad1d6c853690ae9ea75447cfac89033712 (diff)
download	poky-8bc6c65d862c080bdb95405ed5aea528dbcc2315.tar.gz

cve-check: Consider CVE that affects versions with less than operator

In the NVD json CVE feed, affected versions can be strictly matched to a version, but they can also be matched with the operator '<='. Add a new condition in the sqlite query to match affected versions that are defined with the operator '<='. Then use LooseVersion to discard all versions that are not relevant. (From OE-Core rev: 3bf63bc60848d91e90c23f6d854d22b78832aa2d) (From OE-Core rev: 70046288894184477dcf6f7eba25b1994b88c8de) Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/recipes-core/meta/cve-update-db.bb')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: