git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
linux: cve-exclusions: Fix false negatives
author Niko Mauno <niko.mauno@vaisala.com>
Mon, 26 May 2025 09:29:26 +0000 (09:29 +0000)
committer Steve Sakoman <steve@sakoman.com>
Tue, 1 Jul 2025 13:56:47 +0000 (06:56 -0700)
commit 562f5def8b16ddf23d841ce01419879b7a3aeb2b
tree 010ae13bc7d19434d571d35b96c063906cbd094e
parent 131b9ee79e4377c0a5ca1ba09d1ecd313548af00

Amend the generate-cve-exclusions.py checking logic in the part of the code
responsible for iterating the "affected" defaultStatus part of the JSON
structure in order to mitigate occurrences of false negatives in the
generated output, as well as occurrences of a wrong reason for a negative
result in the case where the reason is actually that the checked kernel
version is in the backport fix scope.

In tandem we regenerate the content of cve-exclusion_6.12.inc using
https://github.com/CVEProject/cvelistV5.git repository main branch at
git hash b20d0043711588b6409ae3118bc0510ab888c316 to keep the content
in sync with the script.

Signed-off-by: Niko Mauno <niko.mauno@vaisala.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit b1a5939535d67b9c0e6d8c2729cff9749a0ebaae)
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-kernel/linux/cve-exclusion_6.12.inc
meta/recipes-kernel/linux/generate-cve-exclusions.py