MIRRORS/poky
1
0
Fork 0
mirror of git://git.yoctoproject.org/poky.git synced 2025-07-19 12:59:02 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity

cve-update-nvd2-native: handle missing vulnStatus

Browse Source 
There is a new CVE which is missing vulnStatus field:
https://services.nvd.nist.gov/rest/json/cves/2.0?cveId=CVE-2025-2682

This leads to:
File: '<snip>/poky/meta/recipes-core/meta/cve-update-nvd2-native.bb', lineno: 336, function: update_db
     0332:
     0333:    accessVector = None
     0334:    vectorString = None
     0335:    cveId = elt['cve']['id']
 *** 0336:    if elt['cve']['vulnStatus'] ==  "Rejected":
     0337:        c = conn.cursor()
     0338:        c.execute("delete from PRODUCTS where ID = ?;", [cveId])
     0339:        c.execute("delete from NVD where ID = ?;", [cveId])
     0340:        c.close()
Exception: KeyError: 'vulnStatus'

(From OE-Core rev: 1508a97b175ccfc52a7ab64cbb4c9ce33d12bcb3)

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
This commit is contained in:
Peter Marko 2025-03-28 16:47:12 +01:00 committed by Richard Purdie
parent 9a9029e0af
commit fd85dd43e8
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
meta/recipes-core/meta/cve-update-nvd2-native.bb
View File

@ -336,7 +336,7 @@ def update_db(conn, elt):
accessVector = None
vectorString = None
cveId = elt['cve']['id']
if elt['cve']['vulnStatus'] == "Rejected":
if elt['cve'].get('vulnStatus') == "Rejected":
c = conn.cursor()
c.execute("delete from PRODUCTS where ID = ?;", [cveId])
c.execute("delete from NVD where ID = ?;", [cveId])