Re: [Buildroot] [PATCH 1/1] cve-check: fix CVE URL format

From: Thomas Perale via buildroot <buildroot@buildroot.org>
To: Fabien Lehoussel <fabien.lehoussel@smile.fr>
Cc: Thomas Perale <thomas.perale@mind.be>, buildroot@buildroot.org
Subject: Re: [Buildroot] [PATCH 1/1] cve-check: fix CVE URL format
Date: Fri, 27 Mar 2026 11:02:34 +0100	[thread overview]
Message-ID: <20260327100234.46078-1-thomas.perale@mind.be> (raw)
In-Reply-To: <20260224133341.1711806-1-fabien.lehoussel@smile.fr>

In reply of:
> Update NVD source to full URL format following CycloneDC 1.6
> specification [1].
> 
> Before: "url": "https://nvd.nist.gov/"
> After:  "url": "https://nvd.nist.gov/vuln/detail/CVE-XXXX"
> 
> [1] https://cyclonedx.org/docs/1.6/json/#vulnerabilities_items_source_url
> 
> Signed-off-by: Fabien Lehoussel <fabien.lehoussel@smile.fr>

Applied to 2026.02.x & 2025.02.x. Thanks

> ---
>  support/scripts/cve-check | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/support/scripts/cve-check b/support/scripts/cve-check
> index ff14e4b238..bcd970bad8 100755
> --- a/support/scripts/cve-check
> +++ b/support/scripts/cve-check
> @@ -131,7 +131,7 @@ def nvd_cve_to_cdx_vulnerability(nvd_cve):
>          "description": cve_api_get_lang_from_list(nvd_cve.get("descriptions", [])) or "",
>          "source": {
>              "name": "NVD",
> -            "url": "https://nvd.nist.gov/"
> +            "url": f"https://nvd.nist.gov/vuln/detail/{nvd_cve['id']}"
>          },
>          **({
>              "published": nvd_cve["published"],
> -- 
> 2.43.0
> 
> _______________________________________________
> buildroot mailing list
> buildroot@buildroot.org
> https://lists.buildroot.org/mailman/listinfo/buildroot
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot