]> code.ossystems Code Review - openembedded-core.git/commit
Code Review / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | review | tree
(parent: 4078da9) | patch
cve-update-db: Use NVD CPE data to populate PRODUCTS table
authorPierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Fri, 5 Jul 2019 09:40:37 +0000 (11:40 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Tue, 9 Jul 2019 22:27:37 +0000 (23:27 +0100)
commitf7676e9a38d595564922e5f59acbc69c2109a78f
tree2187913f454f6fd7566bd9f3d9f22d63440d1c9dtree | snapshot
parent4078da92b49946848cddebe1735f301af161e162commit | diff
cve-update-db: Use NVD CPE data to populate PRODUCTS table

Instead of using expanded list of affected versions that is not
reliable, use the 'cpe_match' node in the 'configurations' json node.

For cve-check to correctly match affected CVE, the sqlite database need to
contain operator_start, operator_end and the corresponding versions fields.

Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
meta/recipes-core/meta/cve-update-db-native.bb diff | blob | history
Mirror of the official openembedded-core repository