a206bbc5fe
The .affects() method of the CVE class in support/scripts/cve.py can return 3 values: CVE_AFFECTS, CVE_DOESNT_AFFECT and CVE_UNKNOWN. We of course properly account for CVEs where .affects() return CVE_AFFECTS, but the ones for which CVE_UNKNOWN is returned are currently ignored, and therefore treated as if they did not affect the package. However CVE_UNKNOWN in fact indicates that the v_start/v_end fields of the CPE entry could not be parsed by distutils.version.LooseVersion(). Instead of ignoring such cases, this commit adds support for the concept of "unsure CVEs", which will be listed next to CVEs known to affect the package, so that we are aware of them and can investigate the version issue. Signed-off-by: Gregory CLEMENT <gregory.clement@bootlin.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com> |
||
|---|---|---|
| .. | ||
| config-fragments | ||
| dependencies | ||
| docker | ||
| download | ||
| gnuconfig | ||
| kconfig | ||
| legal-info | ||
| libtool | ||
| misc | ||
| scripts | ||
| testing | ||