Message ID | 20240315002020.2194310-5-yoann.congal@smile.fr |
---|---|
State | Accepted, archived |
Commit | f276a980b8930b98e6c8f0e1a865d77dfcfe5085 |
Headers | show |
Series | Fixes around CVE incremental update | expand |
diff --git a/meta/recipes-core/meta/cve-update-nvd2-native.bb b/meta/recipes-core/meta/cve-update-nvd2-native.bb index 4b8d01fe84..1901641965 100644 --- a/meta/recipes-core/meta/cve-update-nvd2-native.bb +++ b/meta/recipes-core/meta/cve-update-nvd2-native.bb @@ -324,6 +324,10 @@ def update_db(conn, elt): vectorString = None cveId = elt['cve']['id'] if elt['cve']['vulnStatus'] == "Rejected": + c = conn.cursor() + c.execute("delete from PRODUCTS where ID = ?;", [cveId]) + c.execute("delete from NVD where ID = ?;", [cveId]) + c.close() return cveDesc = "" for desc in elt['cve']['descriptions']:
When a CVE is updated to be rejected, matching database entries must be removed. Otherwise: * an incremental update is not equivalent the to an initial download. * rejected CVEs might still appear as Unpatched in cve-check. Signed-off-by: Yoann Congal <yoann.congal@smile.fr> --- meta/recipes-core/meta/cve-update-nvd2-native.bb | 4 ++++ 1 file changed, 4 insertions(+)