From: Ross Burton <ross.burton@intel.com>
Date: Wed, 17 Jul 2019 10:45:38 +0000 (+0100)
Subject: cve-update-db-native: use SQL placeholders instead of format strings
X-Git-Tag: uninative-2.7~751
X-Git-Url: https://code.ossystems.io/gitweb?a=commitdiff_plain;h=91770338f76;p=openembedded-core.git

cve-update-db-native: use SQL placeholders instead of format strings

Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index e16c41a72f..72d1f48835 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -62,7 +62,7 @@ python do_populate_cve_db() {
             break
 
         # Compare with current db last modified date
-        c.execute("select DATE from META where YEAR = '%d'" % year)
+        c.execute("select DATE from META where YEAR = ?", (year,))
         meta = c.fetchone()
         if not meta or meta[0] != last_modified:
             # Update db with current year json file