linux/cve-exclusion: correct fixed-version calculation

Current code takes the first version found as "fixed-version". That is not correct as it is almost always only the oldest backport. Fix it by unconditionally shift the assigmnet of variable "fixed" so that we take last instead of first version. Cc: daniel.turull@ericsson.com (From OE-Core rev: 68f8e58a249c8adef18e63f0841e8bfea16f354e) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2026-04-22 06:32:12 +02:00 · 2025-04-27 11:43:00 +02:00
parent 8ad06a02ae
commit df2436ba97
1 changed files with 1 additions and 2 deletions
--- a/meta/recipes-kernel/linux/generate-cve-exclusions.py
+++ b/meta/recipes-kernel/linux/generate-cve-exclusions.py
@@ -67,10 +67,9 @@ def get_fixed_versions(cve_info, base_version):

                if not first_affected:
                    first_affected = v
-                    fixed = less_than
+                fixed = less_than
                if base_version < v and v < next_version:
                    first_affected = v
-                    fixed = less_than
                    fixed_backport = less_than

    return first_affected, fixed, fixed_backport