]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core.git/commit
projects / thirdparty / openembedded / openembedded-core.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: c7297f4) | patch
cve-update-db-native: fix fetcher for CVEs missing nodes
authorPeter Marko <peter.marko@siemens.com>
Sun, 24 Aug 2025 14:12:40 +0000 (16:12 +0200)
committerSteve Sakoman <steve@sakoman.com>
Mon, 25 Aug 2025 19:53:29 +0000 (12:53 -0700)
commit5bc27449381d2a53588dc7ad1fe2b78783d5c240
treeb0da818991b30541e277b37428609f1ea12bd486tree
parentc7297f46efa410a9204d3d386d307deada967bb6commit | diff
cve-update-db-native: fix fetcher for CVEs missing nodes

As of now, update of CVE DB from FKIE source (which is the defailt)
fails with following error:

File: '<build>/poky/meta/recipes-core/meta/cve-update-db-native.bb', lineno: 393, function: update_db_fkie
     0389:                [cveId, cveDesc, cvssv2, cvssv3, cvssv4, date, accessVector, vectorString]).close()
     0390:
     0391:        for config in elt['configurations']:
     0392:            # This is suboptimal as it doesn't handle AND/OR and negate, but is better than nothing
 *** 0393:            for node in config["nodes"]:
     0394:                parse_node_and_insert(conn, node, cveId, False)
     0395:
     0396:def update_db(d, conn, jsondata):
     0397:    if (d.getVar("NVD_DB_VERSION") == "FKIE"):
Exception: KeyError: 'nodes'

Entry for new CVE-2025-32915 is broken.

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-core/meta/cve-update-db-native.bb diff | blob | blame | history
Mirror of git://git.openembedded.org/openembedded-core