@@ -357,6 +357,10 @@ def update_db(conn, elt):
[cveId, cveDesc, cvssv2, cvssv3, date, accessVector, vectorString]).close()
try:
+ # Remove any pre-existing CVE configuration. Even for partial database
+ # update, those will be repopulated. This ensures that old
+ # configuration is not kept for an updated CVE.
+ conn.execute("delete from PRODUCTS where ID = ?", [cveId]).close()
for config in elt['cve']['configurations']:
# This is suboptimal as it doesn't handle AND/OR and negate, but is better than nothing
for node in config["nodes"]:
When a CVE is created, it often has no precise version information and this is stored as "-" (matching any version). After an update, version information is added. The previous "-" must be removed, otherwise, the CVE is still "Unpatched" for cve-check. Signed-off-by: Yoann Congal <yoann.congal@smile.fr> --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 4 ++++ 1 file changed, 4 insertions(+)