git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit

spdx30: handle Unknown CVE_STATUS

CVE_STATUS can be also "Unknown" since oe-core commit
d25f1817752bc8a84c40dcbef75f7559801ce15e

When this status type is used, build fails with e.g.
ERROR: openssl-3.4.1-r0 do_create_spdx: Unknown CVE-2025-0001 status 'Unknown'

Since this is now a valid status, it needs to be handled.
It cannot be mapped to any VEX status (see below), so just skip it.
Possible VEX statuses are: NOT AFFECTED, AFFECTED, FIXED, and UNDER INVESTIGATION.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
cc: Marta Rybczynska <rybczynska@gmail.com>
Signed-off-by: Mathieu Dubois-Briand <mathieu.dubois-briand@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

author	Peter Marko <peter.marko@siemens.com>
	Mon, 31 Mar 2025 11:11:28 +0000 (13:11 +0200)
committer	Richard Purdie <richard.purdie@linuxfoundation.org>
	Mon, 7 Apr 2025 16:59:29 +0000 (17:59 +0100)
commit	2d3081ef63c8a54df62a2a08bd36008c20eed65a
tree	de757081d2f1698512c53b54ee65752167e36298	tree \| snapshot
parent	3ae2c70fe83bc242b7a13655bc38431c81033c66	commit \| diff