]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 4f26edb) | patch
cve-update-db-native: fix fetcher for CVEs missing nodes
authorPeter Marko <peter.marko@siemens.com>
Sat, 23 Aug 2025 20:15:12 +0000 (22:15 +0200)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Mon, 25 Aug 2025 16:46:38 +0000 (17:46 +0100)
commit152be29f6a732b2ba1c95bcf465455d2a5a3f33a
tree114bfabf896515a69b9bc4497496573278532a6btree | snapshot
parent4f26edb6fd7e3dc5f81c56faed3a0edd9264bf66commit | diff
cve-update-db-native: fix fetcher for CVEs missing nodes

As of now, update of CVE DB from FKIE source (which is the defailt)
fails with following error:

File: '<build>/poky/meta/recipes-core/meta/cve-update-db-native.bb', lineno: 393, function: update_db_fkie
     0389:                [cveId, cveDesc, cvssv2, cvssv3, cvssv4, date, accessVector, vectorString]).close()
     0390:
     0391:        for config in elt['configurations']:
     0392:            # This is suboptimal as it doesn't handle AND/OR and negate, but is better than nothing
 *** 0393:            for node in config["nodes"]:
     0394:                parse_node_and_insert(conn, node, cveId, False)
     0395:
     0396:def update_db(d, conn, jsondata):
     0397:    if (d.getVar("NVD_DB_VERSION") == "FKIE"):
Exception: KeyError: 'nodes'

Entry for new CVE-2025-32915 is broken.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
meta/recipes-core/meta/cve-update-db-native.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core