The database used by cve-check currently stores the access vector and vector string for the oldest CVSS version for each CVE. This should be reversed, where the newest possible CVSS version is included instead.
Signed-off-by: Colin McAllister <[email protected]> --- meta/classes/cve-check.bbclass | 2 +- meta/recipes-core/meta/cve-update-nvd2-native.bb | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/meta/classes/cve-check.bbclass b/meta/classes/cve-check.bbclass index 0c92b87f52..c4cbcdf8e3 100644 --- a/meta/classes/cve-check.bbclass +++ b/meta/classes/cve-check.bbclass @@ -31,7 +31,7 @@ CVE_PRODUCT ??= "${BPN}" CVE_VERSION ??= "${PV}" -CVE_CHECK_DB_FILENAME ?= "nvdcve_2-2.db" +CVE_CHECK_DB_FILENAME ?= "nvdcve_2-3.db" CVE_CHECK_DB_DIR ?= "${STAGING_DIR}/CVE_CHECK" CVE_CHECK_DB_FILE ?= "${CVE_CHECK_DB_DIR}/${CVE_CHECK_DB_FILENAME}" CVE_CHECK_DB_FILE_LOCK ?= "${CVE_CHECK_DB_FILE}.lock" diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index a68a8bb89f..e111709b22 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -355,21 +355,21 @@ def update_db(conn, elt): cvssv2 = 0.0 cvssv3 = None try: - accessVector = accessVector or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['attackVector'] - vectorString = vectorString or elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['vectorString'] + accessVector = elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['attackVector'] + vectorString = elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['vectorString'] cvssv3 = elt['cve']['metrics']['cvssMetricV30'][0]['cvssData']['baseScore'] except KeyError: pass try: - accessVector = accessVector or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['attackVector'] - vectorString = vectorString or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['vectorString'] + accessVector = elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['attackVector'] + vectorString = elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['vectorString'] cvssv3 = cvssv3 or elt['cve']['metrics']['cvssMetricV31'][0]['cvssData']['baseScore'] except KeyError: pass cvssv3 = cvssv3 or 0.0 try: - accessVector = accessVector or elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['attackVector'] - vectorString = vectorString or elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['vectorString'] + accessVector = elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['attackVector'] + vectorString = elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['vectorString'] cvssv4 = elt['cve']['metrics']['cvssMetricV40'][0]['cvssData']['baseScore'] except KeyError: cvssv4 = 0.0 -- 2.34.1
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#207929): https://lists.openembedded.org/g/openembedded-core/message/207929 Mute This Topic: https://lists.openembedded.org/mt/109805499/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
