diff options
Diffstat (limited to 'meta/lib/oe/spdx30_tasks.py')
| -rw-r--r-- | meta/lib/oe/spdx30_tasks.py | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/meta/lib/oe/spdx30_tasks.py b/meta/lib/oe/spdx30_tasks.py index 03dc47db02..4864d6252a 100644 --- a/meta/lib/oe/spdx30_tasks.py +++ b/meta/lib/oe/spdx30_tasks.py | |||
| @@ -488,21 +488,22 @@ def create_spdx(d): | |||
| 488 | cve_by_status = {} | 488 | cve_by_status = {} |
| 489 | if include_vex != "none": | 489 | if include_vex != "none": |
| 490 | for cve in d.getVarFlags("CVE_STATUS") or {}: | 490 | for cve in d.getVarFlags("CVE_STATUS") or {}: |
| 491 | status, detail, description = oe.cve_check.decode_cve_status(d, cve) | 491 | decoded_status = oe.cve_check.decode_cve_status(d, cve) |
| 492 | 492 | ||
| 493 | # If this CVE is fixed upstream, skip it unless all CVEs are | 493 | # If this CVE is fixed upstream, skip it unless all CVEs are |
| 494 | # specified. | 494 | # specified. |
| 495 | if include_vex != "all" and detail in ( | 495 | if include_vex != "all" and 'detail' in decoded_status and \ |
| 496 | decoded_status['detail'] in ( | ||
| 496 | "fixed-version", | 497 | "fixed-version", |
| 497 | "cpe-stable-backport", | 498 | "cpe-stable-backport", |
| 498 | ): | 499 | ): |
| 499 | bb.debug(1, "Skipping %s since it is already fixed upstream" % cve) | 500 | bb.debug(1, "Skipping %s since it is already fixed upstream" % cve) |
| 500 | continue | 501 | continue |
| 501 | 502 | ||
| 502 | cve_by_status.setdefault(status, {})[cve] = ( | 503 | cve_by_status.setdefault(decoded_status['mapping'], {})[cve] = ( |
| 503 | build_objset.new_cve_vuln(cve), | 504 | build_objset.new_cve_vuln(cve), |
| 504 | detail, | 505 | decoded_status['detail'], |
| 505 | description, | 506 | decoded_status['description'], |
| 506 | ) | 507 | ) |
| 507 | 508 | ||
| 508 | cpe_ids = oe.cve_check.get_cpe_ids(d.getVar("CVE_PRODUCT"), d.getVar("CVE_VERSION")) | 509 | cpe_ids = oe.cve_check.get_cpe_ids(d.getVar("CVE_PRODUCT"), d.getVar("CVE_VERSION")) |