diff options
author | Yoann Congal <yoann.congal@smile.fr> | 2024-03-17 16:21:52 -1000 |
---|---|---|
committer | Steve Sakoman <steve@sakoman.com> | 2024-03-18 11:44:32 -1000 |
commit | 4eb0074be76c9bd3d6d25cae4f1b9f398ff89bf5 (patch) | |
tree | 6cefc6de8dd1db007d8f7de666428ce58e9a4dbe /meta | |
parent | 80946fbe8c95169b871d816f2b71ee001a2a3d75 (diff) | |
download | openembedded-core-4eb0074be76c9bd3d6d25cae4f1b9f398ff89bf5.tar.gz |
cve-update-nvd2-native: Remove rejected CVE from database
When a CVE is updated to be rejected, matching database entries must be
removed. Otherwise:
* an incremental update is not equivalent the to an initial download.
* rejected CVEs might still appear as Unpatched in cve-check.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit f276a980b8930b98e6c8f0e1a865d77dfcfe5085)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-core/meta/cve-update-nvd2-native.bb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 0044529b7d..1a3eeba6d0 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -323,6 +323,10 @@ def update_db(conn, elt): accessVector = None cveId = elt['cve']['id'] if elt['cve']['vulnStatus'] == "Rejected": + c = conn.cursor() + c.execute("delete from PRODUCTS where ID = ?;", [cveId]) + c.execute("delete from NVD where ID = ?;", [cveId]) + c.close() return cveDesc = "" for desc in elt['cve']['descriptions']: |