There is a new CVE which is missing vulnStatus field:
https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-2682
This leads to:
File: '<snip>/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb', lineno: 336, function: update_db
0332:
0333: accessVector = None
0334: vectorString = None
0335: cveId = elt['cve']['id']
*** 0336: if elt['cve']['vulnStatus'] == "Rejected":
0337: c = conn.cursor()
0338: c.execute("delete from PRODUCTS where ID = ?;", [cveId])
0339: c.execute("delete from NVD where ID = ?;", [cveId])
0340: c.close()
Exception: KeyError: 'vulnStatus'
Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
accessVector = None
vectorString = None
cveId = elt['cve']['id']
- if elt['cve']['vulnStatus'] == "Rejected":
+ if elt['cve'].get('vulnStatus') == "Rejected":
c = conn.cursor()
c.execute("delete from PRODUCTS where ID = ?;", [cveId])
c.execute("delete from NVD where ID = ?;", [cveId])
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
