linux/cve-exclusion: correct fixed-version calculation

Current code takes the first version found as "fixed-version". That is not correct as it is almost always only the oldest backport. Fix it by unconditionally shift the assigmnet of variable "fixed" so that we take last instead of first version. Cc: daniel.turull@ericsson.com (From OE-Core rev: 4e2c441b64675933cc5f684d0e19cdc18ceaab18) Signed-off-by: Peter Marko <peter.marko@siemens.com> Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org> (cherry picked from commit 68f8e58a249c8adef18e63f0841e8bfea16f354e) Signed-off-by: Steve Sakoman <steve@sakoman.com>
2025-07-19 12:59:02 +02:00 · 2025-04-27 11:43:00 +02:00 · 2025-04-27 11:43:00 +02:00 · f6680f7eb7
commit f6680f7eb7
parent ad8cb5c2b2
1 changed files with 1 additions and 2 deletions
--- a/meta/recipes-kernel/linux/generate-cve-exclusions.py
+++ b/meta/recipes-kernel/linux/generate-cve-exclusions.py
@ -67,10 +67,9 @@ def get_fixed_versions(cve_info, base_version):

                if not first_affected:
                    first_affected = v
-                    fixed = less_than
+                fixed = less_than
                if base_version < v and v < next_version:
                    first_affected = v
-                    fixed = less_than
                    fixed_backport = less_than

    return first_affected, fixed, fixed_backport