kumquat-buildroot/support/scripts
Thomas Petazzoni 1ff7f003e1 support/scripts/cve.py: properly match CPEs with version '*'
Currently, when the version encoded in a CPE is '-', we assume all
versions are affected, but when it's '*' with no further range
information, we assume no version is affected.

This doesn't make sense, so instead, we handle '*' and '-' in the same
way. If there's no version information available in the CVE CPE ID, we
assume all versions are affected.

This increases quite a bit the number of CVEs and package affected:

-    "total-cves": 302,
-    "pkg-cves": 100,
+    "total-cves": 597,
+    "pkg-cves": 135,

For example, CVE-2007-4476 has a CPE ID of:

    cpe:2.3🅰️gnu:tar:*:*:*:*:*:*:*:*

So it should be taken into account. In this specific case, it is
combined with an AND with CPE ID
cpe:2.3suse:suse_linux:10:*:enterprise_server:*:*:*:*:* but since
we don't support this kind of matching, we'd better be on the safe
side, and report this CVE as affecting tar, do an analysis of the CVE
impact, and document it in TAR_IGNORE_CVES.

Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
Reviewed-by: Matt Weber <matthew.weber@rockwellcollins.com>
Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
2020-11-26 16:31:37 +01:00
..
apply-patches.sh support/scripts/apply-patches.sh: manage uncompression 2020-10-17 14:44:05 +02:00
boot-qemu-image.py support/scripts/boot-qemu-image.py: wait before using expect 2020-04-22 22:04:47 +02:00
br2-external system: support br2-external init systems 2020-10-14 22:48:42 +02:00
brpkgutil.py
check-bin-arch package/guile: bump to version 3.0.4 2020-08-08 18:59:19 +02:00
check-dotconfig.py support/scripts: add check-dotconfig.py 2020-07-27 18:13:19 +02:00
check-host-rpath core: implement per-package SDK and target 2019-11-29 14:24:05 +01:00
check-kernel-headers.sh support/scripts/check-kernel-headers.sh: do not print error for loose checks 2020-03-21 15:47:03 +01:00
check-merged-usr.sh
cve.py support/scripts/cve.py: properly match CPEs with version '*' 2020-11-26 16:31:37 +01:00
eclipse-register-toolchain
expunge-gconv-modules
fix-configure-powerpc64.sh
fix-rpath package/pkg-generic.mk, support/scripts/fix-rpath: fix per-package regexp 2019-12-12 08:27:54 +01:00
gen-bootlin-toolchains support/scripts/gen-bootlin-toolchains: add support for more PowerPC toolchains 2020-10-14 23:57:54 +02:00
generate-gitlab-ci-yml support/scripts/generate-gitlab-ci-yml: rework generation of pipelines 2020-10-06 15:38:48 +02:00
genimage.sh support/scripts/genimage.sh: pass an empty rootpath to genimage 2019-10-27 12:19:32 +01:00
graph-build-time
graph-depends
hardlink-or-copy
mkmakefile
mkusers
pkg-stats support/scripts/pkg-stats: support generating stats based on configured packages 2020-11-11 12:03:55 +01:00
pycompile.py support/scripts/pycompile: add --verbose option 2020-09-13 10:28:36 +02:00
setlocalversion support/scripts/setlocalversion: fix/improve Mercurial output 2020-10-03 09:11:03 +02:00
size-stats