From: Daniel Turull <[email protected]> If the user has a CVE_STATUS for their own backported patch, the backport takes priority over upstream vulnerable versions.
Signed-off-by: Daniel Turull <[email protected]>
Signed-off-by: Antonin Godard <[email protected]>
Signed-off-by: Richard Purdie <[email protected]>
(cherry picked from commit 0beef05be119ea465ba06553a42edea03dfc9fd3)
Signed-off-by: Himanshu Jadon <[email protected]>
---
 scripts/contrib/improve_kernel_cve_report.py | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/scripts/contrib/improve_kernel_cve_report.py b/scripts/contrib/improve_kernel_cve_report.py
index 829cc4cd30..a81aa0ff94 100755
--- a/scripts/contrib/improve_kernel_cve_report.py
+++ b/scripts/contrib/improve_kernel_cve_report.py
@@ -340,6 +340,10 @@ def cve_update(cve_data, cve, entry):
 if cve_data[cve]['status'] == entry['status']:
 return
 if entry['status'] == "Unpatched" and cve_data[cve]['status'] == "Patched":
+ # Backported-patch (e.g. vendor kernel repo with cherry-picked CVE patch)
+ # has priority over unpatch from CNA
+ if cve_data[cve]['detail'] == "backported-patch":
+ return
 logging.warning("CVE entry %s update from Patched to Unpatched from the scan result", cve)
 cve_data[cve] = copy_data(cve_data[cve], entry)
 return
--
2.35.6
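Review bot: The new early return discards the scan's Unpatched result without leaving any trace, so a stale or mistaken `backported-patch` CVE_STATUS would hide a kernel CVE from the report with nothing in the log to audit. Consider logging the override before returning, e.g. `logging.info("CVE entry %s kept as Patched (backported-patch), scan result says Unpatched", cve)`. The lookup `cve_data[cve]['detail']` also assumes every existing entry carries a `detail` key; if entries without one can reach this branch (not visible here), it raises KeyError, and `cve_data[cve].get('detail') == "backported-patch"` would be safer. cve_update starts above the hunk, so the earlier handling of `cve_data[cve]` is not visible.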
