From: Yoann Congal <yoann.con...@smile.fr>
When a CVE is updated to be rejected, matching database entries must be
removed. Otherwise:
* an incremental update is not equivalent the to an initial download.
* rejected CVEs might still appear as Unpatched in cve-check.
Signed-off-by: Yoann Congal <yoann.con...@smile.fr>
Signed-off-by: Richard Purdie <richard.pur...@linuxfoundation.org>
(cherry picked from commit f276a980b8930b98e6c8f0e1a865d77dfcfe5085)
Signed-off-by: Steve Sakoman <st...@sakoman.com>
---
meta/recipes-core/meta/cve-update-nvd2-native.bb | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb
b/meta/recipes-core/meta/cve-update-nvd2-native.bb
index 0044529b7d..1a3eeba6d0 100644
--- a/meta/recipes-core/meta/cve-update-nvd2-native.bb
+++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb
@@ -323,6 +323,10 @@ def update_db(conn, elt):
accessVector = None
cveId = elt['cve']['id']
if elt['cve']['vulnStatus'] == "Rejected":
+ c = conn.cursor()
+ c.execute("delete from PRODUCTS where ID = ?;", [cveId])
+ c.execute("delete from NVD where ID = ?;", [cveId])
+ c.close()
return
cveDesc = ""
for desc in elt['cve']['descriptions']:
--
2.34.1
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#197394):
https://lists.openembedded.org/g/openembedded-core/message/197394
Mute This Topic: https://lists.openembedded.org/mt/105048443/21656
Group Owner: openembedded-core+ow...@lists.openembedded.org
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub
[arch...@mail-archive.com]
-=-=-=-=-=-=-=-=-=-=-=-
