On 5 Dec 2023, at 16:34, Alexandre Belloni via lists.openembedded.org <[email protected]> wrote: > > Hello, > > Running cve-check against oe-core now generates a few warnings: > > WARNING: automake-native-1.16.5-r0 do_cve_check: automake: Failed to compare > 1.16.5 = branch_1-9 for CVE-2009-4029 > WARNING: subversion-1.14.2-r0 do_cve_check: subversion: Failed to compare > 1.14.2 = m1 for CVE-2010-4539 > WARNING: subversion-1.14.2-r0 do_cve_check: subversion: Failed to compare > 1.14.2 = m2 for CVE-2010-4539 > WARNING: subversion-1.14.2-r0 do_cve_check: subversion: Failed to compare > 1.14.2 = m3 for CVE-2010-4539 > WARNING: subversion-1.14.2-r0 do_cve_check: subversion: Failed to compare > 1.14.2 = m4\/m5 for CVE-2010-4539 > WARNING: subversion-1.14.2-r0 do_cve_check: subversion: Failed to compare > 1.14.2 = m1 for CVE-2010-4644 > WARNING: subversion-1.14.2-r0 do_cve_check: subversion: Failed to compare > 1.14.2 = m2 for CVE-2010-4644 > WARNING: subversion-1.14.2-r0 do_cve_check: subversion: Failed to compare > 1.14.2 = m3 for CVE-2010-4644 > WARNING: subversion-1.14.2-r0 do_cve_check: subversion: Failed to compare > 1.14.2 = m4\/m5 for CVE-2010-4644 > WARNING: subversion-1.14.2-r0 do_cve_check: subversion: Failed to compare > 1.14.2 = m1 for CVE-2011-0715 > WARNING: subversion-1.14.2-r0 do_cve_check: subversion: Failed to compare > 1.14.2 = m2 for CVE-2011-0715 > WARNING: subversion-1.14.2-r0 do_cve_check: subversion: Failed to compare > 1.14.2 = m3 for CVE-2011-0715 > WARNING: subversion-1.14.2-r0 do_cve_check: subversion: Failed to compare > 1.14.2 = m4\/m5 for CVE-2011-0715 > WARNING: automake-1.16.5-r0 do_cve_check: automake: Failed to compare 1.16.5 > = branch_1-9 for CVE-2009-4029 > WARNING: mpg123-1.32.3-r0 do_cve_check: mpg123: Failed to compare 1.32.3 = > pre0.59s for CVE-2003-0577 > WARNING: mpg123-1.32.3-r0 do_cve_check: mpg123: Failed to compare 1.32.3 = > pre0.59s for CVE-2004-0982 > WARNING: mpg123-1.32.3-r0 do_cve_check: mpg123: Failed to compare 1.32.3 = > pre0.59s for CVE-2004-1284 > WARNING: mpg123-1.32.3-r0 do_cve_check: mpg123: Failed to compare 1.32.3 = > pre0.59s_r11 for CVE-2006-3355 > WARNING: mpg123-1.32.3-r0 do_cve_check: mpg123: Failed to compare 1.32.3 = > pre0.59s for CVE-2007-0578 > WARNING: mpg123-1.32.3-r0 do_cve_check: mpg123: Failed to compare 1.32.3 = > pre0.59s_r11 for CVE-2007-0578 > WARNING: mpg123-1.32.3-r0 do_cve_check: mpg123: Failed to compare 1.32.3 = > pre0.59s for CVE-2009-1301 > WARNING: mpg123-1.32.3-r0 do_cve_check: mpg123: Failed to compare 1.32.3 = > pre0.59s_r11 for CVE-2009-1301 > > https://autobuilder.yoctoproject.org/typhoon/#/builders/138/builds/823/steps/15/logs/warnings
That would be: cve-check: Modify judgment processing using "=" in version comparison I vote for reverting it, it’s too verbose and we can’t “fix” the CPE data as it’s not broken. Ross
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#191849): https://lists.openembedded.org/g/openembedded-core/message/191849 Mute This Topic: https://lists.openembedded.org/mt/102995187/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
