cve-check: Switch to NVD CVE JSON feed version 1.1

Switch to recently released version 1.1 of NVD CVE JSON feed, as in https://nvd.nist.gov/General/News/JSON-1-1-Vulnerability-Feed-Release it is mentioned that Due to changes required to support CVSS v3.1 scoring, the JSON vulnerability feeds must be modified. This will require the consumers of this data to update their internal processes. We will be providing the JSON 1.1 schema on the data feeds page and the information below to prepare for this transition. ... The JSON 1.1 data feeds will be available on September 9th, 2019. At that time the current JSON 1.0 data feeds will no longer available. This change was tested briefly by issuing 'bitbake core-image-minimal' with 'cve-check.bbclass' inherited via local.conf, and then comparing the content between the resulting two 'DEPLOY_DIR_IMAGE/core-image-minimal-qemux86.cve' files, which did not seem to contain any other change, except total of 167 entries like CVSS v3 BASE SCORE: 0.0 were replaced with similar 'CVSS v3 BASE SCORE:' entries which had scores that were greater than '0.0' (up to '9.8'). (From OE-Core rev: cc20e4d8ff2f3aa52a2658404af9a0ff358cc323) (From OE-Core rev: c92b8804d6e59b2707332859957f0e6a46db0a73) Signed-off-by: Niko Mauno <niko.mauno@iki.fi> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> Signed-off-by: Anuj Mittal <anuj.mittal@intel.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
author: Niko Mauno <niko.mauno@iki.fi> 2019-12-14 14:15:05 +0800
committer: Richard Purdie <richard.purdie@linuxfoundation.org> 2019-12-16 23:08:52 +0000
commit: 4065420e5b943de79db953045fbf33f6db1da0dc (patch)
tree: 4ee60df013d85b8d29f5b6fbeae85e744b6178c2 /meta/recipes-core
parent: 8673e91f2dd6c51623c3404cfb8861cbb2be5f1c (diff)
download: poky-4065420e5b943de79db953045fbf33f6db1da0dc.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index db1d69a28e..575254af40 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -27,7 +27,7 @@ python do_populate_cve_db() {
    bb.utils.export_proxies(d)
-    BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"
+    BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"
    YEAR_START = 2002
    db_file = d.getVar("CVE_CHECK_DB_FILE")
author	Niko Mauno <niko.mauno@iki.fi>	2019-12-14 14:15:05 +0800
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-12-16 23:08:52 +0000
commit	4065420e5b943de79db953045fbf33f6db1da0dc (patch)
tree	4ee60df013d85b8d29f5b6fbeae85e744b6178c2 /meta/recipes-core
parent	8673e91f2dd6c51623c3404cfb8861cbb2be5f1c (diff)
download	poky-4065420e5b943de79db953045fbf33f6db1da0dc.tar.gz

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb index db1d69a28e..575254af40 100644 --- a/meta/recipes-core/meta/cve-update-db-native.bb +++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -27,7 +27,7 @@ python do_populate_cve_db() {
27		27
28	bb.utils.export_proxies(d)	28	bb.utils.export_proxies(d)
29		29
30	BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-"	30	BASE_URL = "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-"
31	YEAR_START = 2002	31	YEAR_START = 2002
32		32
33	db_file = d.getVar("CVE_CHECK_DB_FILE")	33	db_file = d.getVar("CVE_CHECK_DB_FILE")