1 files changed, 7 insertions, 12 deletions
diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py
index e20bb0c86f..3d80f05612 100644
--- a/meta/lib/oe/spdx30_tasks.py
+++ b/meta/lib/oe/spdx30_tasks.py
@@ -498,18 +498,13 @@ def create_spdx(d):
    # Add CVEs
    cve_by_status = {}
    if include_vex != "none":
-        for cve in oe.cve_check.get_patched_cves(d):
+        patched_cves = oe.cve_check.get_patched_cves(d)
-            spdx_cve = build_objset.new_cve_vuln(cve)
+        for cve, patched_cve in patched_cves.items():
-            build_objset.set_element_alias(spdx_cve)
+            decoded_status = {
+                "mapping": patched_cve["abbrev-status"],
-            cve_by_status.setdefault("Patched", {})[cve] = (
+                "detail": patched_cve["status"],
-                spdx_cve,
+                "description": patched_cve.get("justification", None)
-                "patched",
+            }
-                "",
-            )
-        for cve in d.getVarFlags("CVE_STATUS") or {}:
-            decoded_status = oe.cve_check.decode_cve_status(d, cve)
            # If this CVE is fixed upstream, skip it unless all CVEs are
            # specified.

diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py index e20bb0c86f..3d80f05612 100644 --- a/meta/lib/oe/spdx30_tasks.py +++ b/meta/lib/oe/spdx30_tasks.py
@@ -498,18 +498,13 @@ def create_spdx(d):
498	# Add CVEs	498	# Add CVEs
499	cve_by_status = {}	499	cve_by_status = {}
500	if include_vex != "none":	500	if include_vex != "none":
501	for cve in oe.cve_check.get_patched_cves(d):	501	patched_cves = oe.cve_check.get_patched_cves(d)
502	spdx_cve = build_objset.new_cve_vuln(cve)	502	for cve, patched_cve in patched_cves.items():
503	build_objset.set_element_alias(spdx_cve)	503	decoded_status = {
504		504	"mapping": patched_cve["abbrev-status"],
505	cve_by_status.setdefault("Patched", {})[cve] = (	505	"detail": patched_cve["status"],
506	spdx_cve,	506	"description": patched_cve.get("justification", None)
507	"patched",	507	}
508	"",
509	)
510
511	for cve in d.getVarFlags("CVE_STATUS") or {}:
512	decoded_status = oe.cve_check.decode_cve_status(d, cve)
513		508
514	# If this CVE is fixed upstream, skip it unless all CVEs are	509	# If this CVE is fixed upstream, skip it unless all CVEs are
515	# specified.	510	# specified.