From: Peter Marko <peter.ma...@siemens.com> Recently NVD updated all CVEs for json-c and old fixed CVE-2020-12762 is reported by cve_check now. NVD match clause now includes full tag name including date which is "greater" than tag without additional numbers.
Fix it by defining CVE_VERSION identical to full tag. Put it close to hash so recipe update patch includes this line. Signed-off-by: Peter Marko <peter.ma...@siemens.com> --- meta/recipes-devtools/json-c/json-c_0.15.bb | 3 +++ 1 file changed, 3 insertions(+) diff --git a/meta/recipes-devtools/json-c/json-c_0.15.bb b/meta/recipes-devtools/json-c/json-c_0.15.bb index 4da30bc50c..b3679e0135 100644 --- a/meta/recipes-devtools/json-c/json-c_0.15.bb +++ b/meta/recipes-devtools/json-c/json-c_0.15.bb @@ -12,6 +12,9 @@ SRC_URI = " \ SRC_URI[sha256sum] = "b8d80a1ddb718b3ba7492916237bbf86609e9709fb007e7f7d4322f02341a4c6" +# NVD uses full tag name including date +CVE_VERSION = "0.15-20200726" + UPSTREAM_CHECK_URI = "https://github.com/${BPN}/${BPN}/tags" UPSTREAM_CHECK_REGEX = "json-c-(?P<pver>\d+(\.\d+)+)-\d+" -- 2.30.2
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#188343): https://lists.openembedded.org/g/openembedded-core/message/188343 Mute This Topic: https://lists.openembedded.org/mt/101626335/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-