mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-04-23 18:32:12 +02:00
Code Issues Packages Projects Releases Wiki Activity

cve-update-nvd2-native: Remove rejected CVE from database

Browse Source 
When a CVE is updated to be rejected, matching database entries must be
removed. Otherwise:
* an incremental update is not equivalent the to an initial download.
* rejected CVEs might still appear as Unpatched in cve-check.

(From OE-Core rev: 717f0df5f35272f7706e4f92cc8b57cdda8066b6)

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f276a980b8930b98e6c8f0e1a865d77dfcfe5085)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Yoann Congal
2024-03-17 16:21:52 -10:00
committed by Steve Sakoman
parent ab504237a5
commit 4b6fc4f642
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
meta/recipes-core/meta/cve-update-nvd2-native.bb
View File

@@ -323,6 +323,10 @@ def update_db(conn, elt):
accessVector = None
cveId = elt['cve']['id']
if elt['cve']['vulnStatus'] == "Rejected":
c = conn.cursor()
c.execute("delete from PRODUCTS where ID = ?;", [cveId])
c.execute("delete from NVD where ID = ?;", [cveId])
c.close()
return
cveDesc = ""
for desc in elt['cve']['descriptions']: