cve-update-db: Use NVD CPE data to populate PRODUCTS table - openembedded-core-contrib - OpenEmbedded Core user contribution trees

diff options

author	Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com>	2019-07-05 11:40:37 +0200
committer	Richard Purdie <richard.purdie@linuxfoundation.org>	2019-07-09 23:27:37 +0100
commit	f7676e9a38d595564922e5f59acbc69c2109a78f (patch)
tree	2187913f454f6fd7566bd9f3d9f22d63440d1c9d /meta/classes/cve-check.bbclass
parent	4078da92b49946848cddebe1735f301af161e162 (diff)
download	openembedded-core-contrib-f7676e9a38d595564922e5f59acbc69c2109a78f.tar.gz

cve-update-db: Use NVD CPE data to populate PRODUCTS table

Instead of using expanded list of affected versions that is not reliable, use the 'cpe_match' node in the 'configurations' json node. For cve-check to correctly match affected CVE, the sqlite database need to contain operator_start, operator_end and the corresponding versions fields. Signed-off-by: Pierre Le Magourou <pierre.lemagourou@softbankrobotics.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

Diffstat (limited to 'meta/classes/cve-check.bbclass')

0 files changed, 0 insertions, 0 deletions


context:
space:
mode: