Commit cc20e4d8 authored Dec 06, 2019 by Niko Mauno Committed by Richard Purdie Dec 09, 2019

cve-check: Switch to NVD CVE JSON feed version 1.1

Switch to recently released version 1.1 of NVD CVE JSON feed, as in
https://nvd.nist.gov/General/News/JSON-1-1-Vulnerability-Feed-Release


it is mentioned that

  Due to changes required to support CVSS v3.1 scoring, the JSON
  vulnerability feeds must be modified. This will require the consumers
  of this data to update their internal processes. We will be providing
  the JSON 1.1 schema on the data feeds page and the information below
  to prepare for this transition.
  ...
  The JSON 1.1 data feeds will be available on September 9th, 2019. At
  that time the current JSON 1.0 data feeds will no longer available.

This change was tested briefly by issuing 'bitbake core-image-minimal'
with 'cve-check.bbclass' inherited via local.conf, and then comparing
the content between the resulting two
'DEPLOY_DIR_IMAGE/core-image-minimal-qemux86.cve' files, which did not
seem to contain any other change, except total of 167 entries like

  CVSS v3 BASE SCORE: 0.0

were replaced with similar 'CVSS v3 BASE SCORE:' entries which had
scores that were greater than '0.0' (up to '9.8').

Signed-off-by: Niko Mauno <niko.mauno@iki.fi>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>

parent b45c967a

Show whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit c92b8804
· Dec 18, 2019

mentioned in commit c92b8804

mentioned in commit c92b8804d6e59b2707332859957f0e6a46db0a73

Toggle commit list
mirror @mirror
mentioned in commit 72c22b87
· Jan 18, 2020

mentioned in commit 72c22b87

mentioned in commit 72c22b8791707480c380f49305c6d394578b2a4b

Toggle commit list

Please register or to comment