cve_check: handle CVE_STATUS being set to the empty string
Handle CVE_STATUS[...] being set to an empty string just as if it was
not set at all.
This is needed for evaluated CVE_STATUS values to work, i.e. when
setting not-applicable-config if a PACKAGECONFIG is disabled.
Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit
2c9f20f746251505d9d09262600199ffa87731a2)
Signed-off-by: Steve Sakoman <steve@sakoman.com>