diff options
author | Yoann Congal <yoann.congal@smile.fr> | 2024-03-15 01:20:20 +0100 |
---|---|---|
committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2024-03-15 07:36:11 +0000 |
commit | f276a980b8930b98e6c8f0e1a865d77dfcfe5085 (patch) | |
tree | 24b02a4829d766ea70595c56e1c3a536917813b0 /meta | |
parent | 641ae3f36e09af9932dc33043a0a5fbfce62122e (diff) | |
download | openembedded-core-f276a980b8930b98e6c8f0e1a865d77dfcfe5085.tar.gz |
cve-update-nvd2-native: Remove rejected CVE from database
When a CVE is updated to be rejected, matching database entries must be
removed. Otherwise:
* an incremental update is not equivalent the to an initial download.
* rejected CVEs might still appear as Unpatched in cve-check.
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'meta')
-rw-r--r-- | meta/recipes-core/meta/cve-update-nvd2-native.bb | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 4b8d01fe84..1901641965 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -324,6 +324,10 @@ def update_db(conn, elt): vectorString = None cveId = elt['cve']['id'] if elt['cve']['vulnStatus'] == "Rejected": + c = conn.cursor() + c.execute("delete from PRODUCTS where ID = ?;", [cveId]) + c.execute("delete from NVD where ID = ?;", [cveId]) + c.close() return cveDesc = "" for desc in elt['cve']['descriptions']: |