From: "Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)" <hetpat@cisco.com>
To: openembedded-core@lists.openembedded.org
Cc: xe-linux-external@cisco.com, vchavda@cisco.com
Subject: [openembedded-core] [scarthgap] [PATCH v1 14/34] cve-check: Rework patch parsing
Date: Thu, 19 Feb 2026 21:34:23 -0800 [thread overview]
Message-ID: <20260220053443.3006180-14-hetpat@cisco.com> (raw)
In-Reply-To: <20260220053443.3006180-1-hetpat@cisco.com>
From: Colin McAllister <colinmca242@gmail.com>
The cve_check functionality to parse CVE IDs from the patch filename and
patch contents have been reworked to improve parsing and also utilize
tests. This ensures that the parsing works as intended.
Additionally, the new patched_cves dict has a few issues I tried to fix
as well. If multiple patch files exist for a single CVE ID, only the
last one will show up with the "resource" key. The value for the
"resource" key has been updated to hold a list and return all patch
files associated with a given CVE ID. Also, at the end of
get_patch_cves, CVE_STATUS can overwrite an existing entry in the dict.
This could cause an issue, for example, if a CVE has been addressed via
a patch, but a CVE_STATUS line also exists that ignores the given CVE
ID. A warning has been added if this ever happens.
Signed-off-by: Colin McAllister <colinmca242@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 87c6da681609b4f8e048eca2a27ae8e068c724e1)
Signed-off-by: Het Patel <hetpat@cisco.com>
---
meta/lib/oe/cve_check.py | 166 ++++++++++++------
meta/lib/oeqa/selftest/cases/cve_check.py | 205 ++++++++++++++++++++++
2 files changed, 317 insertions(+), 54 deletions(-)
diff --git a/meta/lib/oe/cve_check.py b/meta/lib/oe/cve_check.py
index 8e676bcc74..c1f36db775 100644
--- a/meta/lib/oe/cve_check.py
+++ b/meta/lib/oe/cve_check.py
@@ -5,9 +5,11 @@
#
import collections
-import re
-import itertools
import functools
+import itertools
+import os.path
+import re
+import oe.patch
_Version = collections.namedtuple(
"_Version", ["release", "patch_l", "pre_l", "pre_v"]
@@ -71,76 +73,132 @@ def _cmpkey(release, patch_l, pre_l, pre_v):
return _release, _patch, _pre
-def get_patched_cves(d):
+def parse_cve_from_filename(patch_filename):
"""
- Get patches that solve CVEs using the "CVE: " tag.
+ Parses CVE ID from the filename
+
+ Matches the last "CVE-YYYY-ID" in the file name, also if written
+ in lowercase. Possible to have multiple CVE IDs in a single
+ file name, but only the last one will be detected from the file name.
+
+ Returns the last CVE ID foudn in the filename. If no CVE ID is found
+ an empty string is returned.
"""
+ cve_file_name_match = re.compile(r".*(CVE-\d{4}-\d{4,})", re.IGNORECASE)
- import re
- import oe.patch
+ # Check patch file name for CVE ID
+ fname_match = cve_file_name_match.search(patch_filename)
+ return fname_match.group(1).upper() if fname_match else ""
- cve_match = re.compile(r"CVE:( CVE-\d{4}-\d+)+")
- # Matches the last "CVE-YYYY-ID" in the file name, also if written
- # in lowercase. Possible to have multiple CVE IDs in a single
- # file name, but only the last one will be detected from the file name.
- # However, patch files contents addressing multiple CVE IDs are supported
- # (cve_match regular expression)
- cve_file_name_match = re.compile(r".*(CVE-\d{4}-\d+)", re.IGNORECASE)
+def parse_cves_from_patch_contents(patch_contents):
+ """
+ Parses CVE IDs from patch contents
+ Matches all CVE IDs contained on a line that starts with "CVE: ". Any
+ delimiter (',', '&', "and", etc.) can be used without any issues. Multiple
+ "CVE:" lines can also exist.
+
+ Returns a set of all CVE IDs found in the patch contents.
+ """
+ cve_ids = set()
+ cve_match = re.compile(r"CVE-\d{4}-\d{4,}")
+ # Search for one or more "CVE: " lines
+ for line in patch_contents.split("\n"):
+ if not line.startswith("CVE:"):
+ continue
+ cve_ids.update(cve_match.findall(line))
+ return cve_ids
+
+
+def parse_cves_from_patch_file(patch_file):
+ """
+ Parses CVE IDs associated with a particular patch file, using both the filename
+ and patch contents.
+
+ Returns a set of all CVE IDs found in the patch filename and contents.
+ """
+ cve_ids = set()
+ filename_cve = parse_cve_from_filename(patch_file)
+ if filename_cve:
+ bb.debug(2, "Found %s from patch file name %s" % (filename_cve, patch_file))
+ cve_ids.add(parse_cve_from_filename(patch_file))
+
+ # Remote patches won't be present and compressed patches won't be
+ # unpacked, so say we're not scanning them
+ if not os.path.isfile(patch_file):
+ bb.note("%s is remote or compressed, not scanning content" % patch_file)
+ return cve_ids
+
+ with open(patch_file, "r", encoding="utf-8") as f:
+ try:
+ patch_text = f.read()
+ except UnicodeDecodeError:
+ bb.debug(
+ 1,
+ "Failed to read patch %s using UTF-8 encoding"
+ " trying with iso8859-1" % patch_file,
+ )
+ f.close()
+ with open(patch_file, "r", encoding="iso8859-1") as f:
+ patch_text = f.read()
+
+ cve_ids.update(parse_cves_from_patch_contents(patch_text))
+
+ if not cve_ids:
+ bb.debug(2, "Patch %s doesn't solve CVEs" % patch_file)
+ else:
+ bb.debug(2, "Patch %s solves %s" % (patch_file, ", ".join(sorted(cve_ids))))
+
+ return cve_ids
+
+
+def get_patched_cves(d):
+ """
+ Determines the CVE IDs that have been solved by either patches incuded within
+ SRC_URI or by setting CVE_STATUS.
+
+ Returns a dictionary with the CVE IDs as keys and an associated dictonary of
+ relevant metadata as the value.
+ """
patched_cves = {}
patches = oe.patch.src_patches(d)
bb.debug(2, "Scanning %d patches for CVEs" % len(patches))
+
+ # Check each patch file
for url in patches:
patch_file = bb.fetch.decodeurl(url)[2]
-
- # Check patch file name for CVE ID
- fname_match = cve_file_name_match.search(patch_file)
- if fname_match:
- cve = fname_match.group(1).upper()
- patched_cves[cve] = {"abbrev-status": "Patched", "status": "fix-file-included", "resource": patch_file}
- bb.debug(2, "Found %s from patch file name %s" % (cve, patch_file))
-
- # Remote patches won't be present and compressed patches won't be
- # unpacked, so say we're not scanning them
- if not os.path.isfile(patch_file):
- bb.note("%s is remote or compressed, not scanning content" % patch_file)
- continue
-
- with open(patch_file, "r", encoding="utf-8") as f:
- try:
- patch_text = f.read()
- except UnicodeDecodeError:
- bb.debug(1, "Failed to read patch %s using UTF-8 encoding"
- " trying with iso8859-1" % patch_file)
- f.close()
- with open(patch_file, "r", encoding="iso8859-1") as f:
- patch_text = f.read()
-
- # Search for one or more "CVE: " lines
- text_match = False
- for match in cve_match.finditer(patch_text):
- # Get only the CVEs without the "CVE: " tag
- cves = patch_text[match.start()+5:match.end()]
- for cve in cves.split():
- bb.debug(2, "Patch %s solves %s" % (patch_file, cve))
- patched_cves[cve] = {"abbrev-status": "Patched", "status": "fix-file-included", "resource": patch_file}
- text_match = True
-
- if not fname_match and not text_match:
- bb.debug(2, "Patch %s doesn't solve CVEs" % patch_file)
+ for cve_id in parse_cves_from_patch_file(patch_file):
+ if cve_id not in patched_cves:
+ {
+ "abbrev-status": "Patched",
+ "status": "fix-file-included",
+ "resource": [patch_file],
+ }
+ else:
+ patched_cves[cve_id]["resource"].append(patch_file)
# Search for additional patched CVEs
- for cve in (d.getVarFlags("CVE_STATUS") or {}):
- decoded_status = decode_cve_status(d, cve)
+ for cve_id in d.getVarFlags("CVE_STATUS") or {}:
+ decoded_status = decode_cve_status(d, cve_id)
products = d.getVar("CVE_PRODUCT")
- if has_cve_product_match(decoded_status, products) == True:
- patched_cves[cve] = {
+ if has_cve_product_match(decoded_status, products):
+ if cve_id in patched_cves:
+ bb.warn(
+ 'CVE_STATUS[%s] = "%s" is overwriting previous status of "%s: %s"'
+ % (
+ cve_id,
+ d.getVarFlag("CVE_STATUS", cve_id),
+ patched_cves[cve_id]["abbrev-status"],
+ patched_cves[cve_id]["status"],
+ )
+ )
+ patched_cves[cve_id] = {
"abbrev-status": decoded_status["mapping"],
"status": decoded_status["detail"],
"justification": decoded_status["description"],
"affected-vendor": decoded_status["vendor"],
- "affected-product": decoded_status["product"]
+ "affected-product": decoded_status["product"],
}
return patched_cves
diff --git a/meta/lib/oeqa/selftest/cases/cve_check.py b/meta/lib/oeqa/selftest/cases/cve_check.py
index 3dd3e89d3e..511e4b81b4 100644
--- a/meta/lib/oeqa/selftest/cases/cve_check.py
+++ b/meta/lib/oeqa/selftest/cases/cve_check.py
@@ -120,6 +120,211 @@ class CVECheck(OESelftestTestCase):
self.assertEqual(has_cve_product_match(status, "test glibca:glibc"), True)
self.assertEqual(has_cve_product_match(status, "glibca:glibc test"), True)
+ def test_parse_cve_from_patch_filename(self):
+ from oe.cve_check import parse_cve_from_filename
+
+ # Patch filename without CVE ID
+ self.assertEqual(parse_cve_from_filename("0001-test.patch"), "")
+
+ # Patch with single CVE ID
+ self.assertEqual(
+ parse_cve_from_filename("CVE-2022-12345.patch"), "CVE-2022-12345"
+ )
+
+ # Patch with multiple CVE IDs
+ self.assertEqual(
+ parse_cve_from_filename("CVE-2022-41741-CVE-2022-41742.patch"),
+ "CVE-2022-41742",
+ )
+
+ # Patches with CVE ID and appended text
+ self.assertEqual(
+ parse_cve_from_filename("CVE-2023-3019-0001.patch"), "CVE-2023-3019"
+ )
+ self.assertEqual(
+ parse_cve_from_filename("CVE-2024-21886-1.patch"), "CVE-2024-21886"
+ )
+
+ # Patch with CVE ID and prepended text
+ self.assertEqual(
+ parse_cve_from_filename("grep-CVE-2012-5667.patch"), "CVE-2012-5667"
+ )
+ self.assertEqual(
+ parse_cve_from_filename("0001-CVE-2012-5667.patch"), "CVE-2012-5667"
+ )
+
+ # Patch with CVE ID and both prepended and appended text
+ self.assertEqual(
+ parse_cve_from_filename(
+ "0001-tpm2_import-fix-fixed-AES-key-CVE-2021-3565-0001.patch"
+ ),
+ "CVE-2021-3565",
+ )
+
+ # Only grab the last CVE ID in the filename
+ self.assertEqual(
+ parse_cve_from_filename("CVE-2012-5667-CVE-2012-5668.patch"),
+ "CVE-2012-5668",
+ )
+
+ # Test invalid CVE ID with incorrect length (must be at least 4 digits)
+ self.assertEqual(
+ parse_cve_from_filename("CVE-2024-001.patch"),
+ "",
+ )
+
+ # Test valid CVE ID with very long length
+ self.assertEqual(
+ parse_cve_from_filename("CVE-2024-0000000000000000000000001.patch"),
+ "CVE-2024-0000000000000000000000001",
+ )
+
+ def test_parse_cve_from_patch_contents(self):
+ import textwrap
+ from oe.cve_check import parse_cves_from_patch_contents
+
+ # Standard patch file excerpt without any patches
+ self.assertEqual(
+ parse_cves_from_patch_contents(
+ textwrap.dedent("""\
+ remove "*" for root since we don't have a /etc/shadow so far.
+
+ Upstream-Status: Inappropriate [configuration]
+
+ Signed-off-by: Scott Garman <scott.a.garman@intel.com>
+
+ --- base-passwd/passwd.master~nobash
+ +++ base-passwd/passwd.master
+ @@ -1,4 +1,4 @@
+ -root:*:0:0:root:/root:/bin/sh
+ +root::0:0:root:/root:/bin/sh
+ daemon:*:1:1:daemon:/usr/sbin:/bin/sh
+ bin:*:2:2:bin:/bin:/bin/sh
+ sys:*:3:3:sys:/dev:/bin/sh
+ """)
+ ),
+ set(),
+ )
+
+ # Patch file with multiple CVE IDs (space-separated)
+ self.assertEqual(
+ parse_cves_from_patch_contents(
+ textwrap.dedent("""\
+ There is an assertion in function _cairo_arc_in_direction().
+
+ CVE: CVE-2019-6461 CVE-2019-6462
+ Upstream-Status: Pending
+ Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+ diff --git a/src/cairo-arc.c b/src/cairo-arc.c
+ index 390397bae..1bde774a4 100644
+ --- a/src/cairo-arc.c
+ +++ b/src/cairo-arc.c
+ @@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr,
+ if (cairo_status (cr))
+ return;
+
+ - assert (angle_max >= angle_min);
+ + if (angle_max < angle_min)
+ + return;
+
+ if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
+ angle_max = fmod (angle_max - angle_min, 2 * M_PI);
+ """),
+ ),
+ {"CVE-2019-6461", "CVE-2019-6462"},
+ )
+
+ # Patch file with multiple CVE IDs (comma-separated w/ both space and no space)
+ self.assertEqual(
+ parse_cves_from_patch_contents(
+ textwrap.dedent("""\
+ There is an assertion in function _cairo_arc_in_direction().
+
+ CVE: CVE-2019-6461,CVE-2019-6462, CVE-2019-6463
+ Upstream-Status: Pending
+ Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+ diff --git a/src/cairo-arc.c b/src/cairo-arc.c
+ index 390397bae..1bde774a4 100644
+ --- a/src/cairo-arc.c
+ +++ b/src/cairo-arc.c
+ @@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr,
+ if (cairo_status (cr))
+ return;
+
+ - assert (angle_max >= angle_min);
+ + if (angle_max < angle_min)
+ + return;
+
+ if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
+ angle_max = fmod (angle_max - angle_min, 2 * M_PI);
+
+ """),
+ ),
+ {"CVE-2019-6461", "CVE-2019-6462", "CVE-2019-6463"},
+ )
+
+ # Patch file with multiple CVE IDs (&-separated)
+ self.assertEqual(
+ parse_cves_from_patch_contents(
+ textwrap.dedent("""\
+ There is an assertion in function _cairo_arc_in_direction().
+
+ CVE: CVE-2019-6461 & CVE-2019-6462
+ Upstream-Status: Pending
+ Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+ diff --git a/src/cairo-arc.c b/src/cairo-arc.c
+ index 390397bae..1bde774a4 100644
+ --- a/src/cairo-arc.c
+ +++ b/src/cairo-arc.c
+ @@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr,
+ if (cairo_status (cr))
+ return;
+
+ - assert (angle_max >= angle_min);
+ + if (angle_max < angle_min)
+ + return;
+
+ if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
+ angle_max = fmod (angle_max - angle_min, 2 * M_PI);
+ """),
+ ),
+ {"CVE-2019-6461", "CVE-2019-6462"},
+ )
+
+ # Patch file with multiple lines with CVE IDs
+ self.assertEqual(
+ parse_cves_from_patch_contents(
+ textwrap.dedent("""\
+ There is an assertion in function _cairo_arc_in_direction().
+
+ CVE: CVE-2019-6461 & CVE-2019-6462
+
+ CVE: CVE-2019-6463 & CVE-2019-6464
+ Upstream-Status: Pending
+ Signed-off-by: Ross Burton <ross.burton@intel.com>
+
+ diff --git a/src/cairo-arc.c b/src/cairo-arc.c
+ index 390397bae..1bde774a4 100644
+ --- a/src/cairo-arc.c
+ +++ b/src/cairo-arc.c
+ @@ -186,7 +186,8 @@ _cairo_arc_in_direction (cairo_t *cr,
+ if (cairo_status (cr))
+ return;
+
+ - assert (angle_max >= angle_min);
+ + if (angle_max < angle_min)
+ + return;
+
+ if (angle_max - angle_min > 2 * M_PI * MAX_FULL_CIRCLES) {
+ angle_max = fmod (angle_max - angle_min, 2 * M_PI);
+
+ """),
+ ),
+ {"CVE-2019-6461", "CVE-2019-6462", "CVE-2019-6463", "CVE-2019-6464"},
+ )
def test_recipe_report_json(self):
config = """
next prev parent reply other threads:[~2026-02-20 5:34 UTC|newest]
Thread overview: 38+ messages / expand[flat|nested] mbox.gz Atom feed top
2026-02-20 5:34 [openembedded-core] [scarthgap] [PATCH v1 01/34] cve-check: encode affected product/vendor in CVE_STATUS Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 02/34] cve_check: Update selftest with new status detail Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 03/34] cve-check: annotate CVEs during analysis Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 04/34] cve-check-map: add new statuses Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 05/34] selftest: add test_product_match Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 06/34] cve-check: remove the TEXT format support Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 07/34] cve-check-update-nvd2-native: Incremement DL_DIR database location Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 08/34] cve-check: add field "modified" to JSON report Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 09/34] cve-check: do not skip cve status description after : Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 10/34] cve-check: fix malformed cve status description with : characters Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 11/34] cve-check: restore CVE_CHECK_SHOW_WARNINGS functionality Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 12/34] cve-check: fix cvesInRecord Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 13/34] cve-check: Fix errors in log lines Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco) [this message]
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 15/34] meta/lib/oe/cve_check.py: fix patched_cves not updated Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 16/34] cve-check: allow feed choice Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 17/34] cve-update-db-native: restore Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 18/34] cve-update-db-native: update structure Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 19/34] cve-update-db-native: add the fkie source Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 20/34] cve-check: change the default feed Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 21/34] cve-check: fix debug message Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 22/34] spdx30: Allow VEX Justification to be configurable Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 23/34] cve-update-db-native: fix fetcher for CVEs missing nodes Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 24/34] cve-update-db-native: Use a local copy of the database during builds Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 25/34] cve-update-db-native: Handle BB_NO_NETWORK and missing db Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 26/34] cve-update-db-native: log a little more Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 27/34] cve-update: decrease update interval to 23 hours Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 28/34] cve-update: remove cleanup of db_file in downloads Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 29/34] cve-update-db-native: Fix FKIE CVE accessVector parsing Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 30/34] cve-update-db-native: FKIE CVE parsing: Use Secondary metric Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 31/34] cve-update: log timestamps and add force update for future time Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 32/34] cve-update-db-native: pycodestyle fixes Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 33/34] cve-update-nvd2-native: " Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-20 5:34 ` [openembedded-core] [scarthgap] [PATCH v1 34/34] cve-update: Avoid NFS caching issues Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-02-23 9:46 ` [OE-core] [openembedded-core] [scarthgap] [PATCH v1 01/34] cve-check: encode affected product/vendor in CVE_STATUS Paul Barker
2026-02-23 12:31 ` Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-03-03 9:09 ` Het Patel -X (hetpat - E INFOCHIPS PRIVATE LIMITED at Cisco)
2026-03-05 13:13 ` Yoann Congal
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20260220053443.3006180-14-hetpat@cisco.com \
--to=hetpat@cisco.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=vchavda@cisco.com \
--cc=xe-linux-external@cisco.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox