mirrors/poky
1
0
Fork 0
mirror of https://git.yoctoproject.org/poky synced 2026-01-29 21:08:42 +01:00
Code Issues Packages Projects Releases Wiki Activity

cve-update-nvd2-native: Remove rejected CVE from database

Browse Source 
When a CVE is updated to be rejected, matching database entries must be
removed. Otherwise:
* an incremental update is not equivalent the to an initial download.
* rejected CVEs might still appear as Unpatched in cve-check.

(From OE-Core rev: 5b17b563908206667a7d14f390bd9b2de897774c)

Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f276a980b8930b98e6c8f0e1a865d77dfcfe5085)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
This commit is contained in:
Yoann Congal
2024-03-15 01:20:20 +01:00
committed by Steve Sakoman
parent 11d9d02cf6
commit 521775dcd5
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
meta/recipes-core/meta/cve-update-nvd2-native.bb
View File

@@ -324,6 +324,10 @@ def update_db(conn, elt):
vectorString = None
cveId = elt['cve']['id']
if elt['cve']['vulnStatus'] == "Rejected":
c = conn.cursor()
c.execute("delete from PRODUCTS where ID = ?;", [cveId])
c.execute("delete from NVD where ID = ?;", [cveId])
c.close()
return
cveDesc = ""
for desc in elt['cve']['descriptions']: