mirror of
git://git.yoctoproject.org/poky.git
synced 2025-07-19 12:59:02 +02:00
cve-check-map: add new statuses
Add 'fix-file-included', 'version-not-in-range' and 'version-in-range' generated by the cve-check. 'fix-file-included' means that a fix file for the CVE has been located. 'version-not-in-range' means that the product version has been found outside of the vulnerable range. 'version-in-range' means that the product version has been found inside of the vulnerable range. (From OE-Core rev: d25f1817752bc8a84c40dcbef75f7559801ce15e) Signed-off-by: Marta Rybczynska <marta.rybczynska@syslinbit.com> Signed-off-by: Samantha Jalabert <samantha.jalabert@syslinbit.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
parent
3859ff5915
commit
72dd8c0d56
|
@ -8,11 +8,17 @@ CVE_CHECK_STATUSMAP[backported-patch] = "Patched"
|
|||
CVE_CHECK_STATUSMAP[cpe-stable-backport] = "Patched"
|
||||
# use when NVD DB does not mention correct version or does not mention any verion at all
|
||||
CVE_CHECK_STATUSMAP[fixed-version] = "Patched"
|
||||
# use when a fix file has been included (set automatically)
|
||||
CVE_CHECK_STATUSMAP[fix-file-included] = "Patched"
|
||||
# do not use directly: automatic scan reports version number NOT in the vulnerable range (set automatically)
|
||||
CVE_CHECK_STATUSMAP[version-not-in-range] = "Patched"
|
||||
|
||||
# used internally by this class if CVE vulnerability is detected which is not marked as fixed or ignored
|
||||
CVE_CHECK_STATUSMAP[unpatched] = "Unpatched"
|
||||
# use when CVE is confirmed by upstream but fix is still not available
|
||||
CVE_CHECK_STATUSMAP[vulnerable-investigating] = "Unpatched"
|
||||
# do not use directly: automatic scan reports version number IS in the vulnerable range (set automatically)
|
||||
CVE_CHECK_STATUSMAP[version-in-range] = "Unpatched"
|
||||
|
||||
# used for migration from old concept, do not use for new vulnerabilities
|
||||
CVE_CHECK_STATUSMAP[ignored] = "Ignored"
|
||||
|
@ -26,3 +32,6 @@ CVE_CHECK_STATUSMAP[not-applicable-config] = "Ignored"
|
|||
CVE_CHECK_STATUSMAP[not-applicable-platform] = "Ignored"
|
||||
# use when upstream acknowledged the vulnerability but does not plan to fix it
|
||||
CVE_CHECK_STATUSMAP[upstream-wontfix] = "Ignored"
|
||||
|
||||
# use when it is impossible to conclude if the vulnerability is present or not
|
||||
CVE_CHECK_STATUSMAP[unknown] = "Unknown"
|
||||
|
|
Loading…
Reference in New Issue
Block a user