code.ossystems Code Review - openembedded-core.git/commit

]> code.ossystems Code Review - openembedded-core.git/commit

Code Review / openembedded-core.git / commit

author	Lee Chee Yang <chee.yang.lee@intel.com>
	Tue, 31 Mar 2020 07:26:03 +0000 (15:26 +0800)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Tue, 31 Mar 2020 20:52:26 +0000 (21:52 +0100)
commit	c69ee3594079589d27c10db32bc288566ebde9ef
tree	7752e72e554f0d0129cb952ff0472200e62c4441	tree \| snapshot
parent	3937ca9e2dfabb1ce9bce1d536b60b1e2a43739b	commit \| diff

cve-check: CPE version '-' as all version

CPE version could be '-' to mean no version info.
Current cve_check treat it as not valid and does not report these
CVE but some of these could be a valid vulnerabilities.

Since non-valid CVE can be whitelisted, so treat '-' as all version
and report all these CVE to capture possible vulnerabilities.

Non-valid CVE to be whitelisted separately.

[YOCTO #13617]

Signed-off-by: Lee Chee Yang <chee.yang.lee@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

meta/classes/cve-check.bbclass		diff \| blob \| history
meta/recipes-core/meta/cve-update-db-native.bb		diff \| blob \| history

Mirror of the official openembedded-core repository

RSS Atom