diff options
| author | Yoann Congal <yoann.congal@smile.fr> | 2024-03-17 16:21:51 -1000 |
|---|---|---|
| committer | Steve Sakoman <steve@sakoman.com> | 2024-03-25 04:11:26 -1000 |
| commit | ab504237a5a61600fe812346990bf65a0044a9c2 (patch) | |
| tree | c953e28ae2d2972d02802846124281e449071ee0 /meta/recipes-core | |
| parent | ea0af985cbdc3af9727d6b2e0b8b2527f7de0541 (diff) | |
| download | poky-ab504237a5a61600fe812346990bf65a0044a9c2.tar.gz | |
cve-update-nvd2-native: Fix CVE configuration update
When a CVE is created, it often has no precise version information and
this is stored as "-" (matching any version). After an update, version
information is added. The previous "-" must be removed, otherwise, the
CVE is still "Unpatched" for cve-check.
(From OE-Core rev: 38402b5e89d43bf2a45c8f5f2d631033be5019cd)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 641ae3f36e09af9932dc33043a0a5fbfce62122e)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta/recipes-core')
| -rw-r--r-- | meta/recipes-core/meta/cve-update-nvd2-native.bb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index a703b68aac..0044529b7d 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb | |||
| @@ -352,6 +352,10 @@ def update_db(conn, elt): | |||
| 352 | [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close() | 352 | [cveId, cveDesc, cvssv2, cvssv3, date, accessVector]).close() |
| 353 | 353 | ||
| 354 | try: | 354 | try: |
| 355 | # Remove any pre-existing CVE configuration. Even for partial database | ||
| 356 | # update, those will be repopulated. This ensures that old | ||
| 357 | # configuration is not kept for an updated CVE. | ||
| 358 | conn.execute("delete from PRODUCTS where ID = ?", [cveId]).close() | ||
| 355 | for config in elt['cve']['configurations']: | 359 | for config in elt['cve']['configurations']: |
| 356 | # This is suboptimal as it doesn't handle AND/OR and negate, but is better than nothing | 360 | # This is suboptimal as it doesn't handle AND/OR and negate, but is better than nothing |
| 357 | for node in config["nodes"]: | 361 | for node in config["nodes"]: |
