On 6 Sep 2023, at 13:30, Ross Burton via lists.openembedded.org <ross.burton=arm....@lists.openembedded.org> wrote: >>> On 5 Sep 2023, at 08:29, Yuta Hayama <hay...@lineo.co.jp> wrote: >>>> >>>> affected_versions in kernel_cves.json does not mean "first affected version >>>> to last affected version" but actually "first affected version to fixed >>>> version". Therefore, the variable names, conditional expressions, and >>>> CVE_STATUS descriptions should be fixed. >>> >>> I’m happy to believe you on this, but do you have a source? >> >> Unfortunately, I have not found any official explanation for this. All I know >> is what I wrote in the following message. And that is what I have been able >> to >> confirm empirically. >> >> https://lists.openembedded.org/g/openembedded-core/message/186994 > > Based on that evidence you appear to be right, yes. I’ve just mailed the > maintainer of the JSON to see if he’d like to make a statement either way.
I got a reply: "The code takes the breaking_cmt to fixing_cmt. So it would be First Affected version to First Fixed version in the mainline.” Yes, you’re correct. Ross
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#187410): https://lists.openembedded.org/g/openembedded-core/message/187410 Mute This Topic: https://lists.openembedded.org/mt/101164830/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-