On 2023/09/08 19:57, Ross Burton via lists.openembedded.org wrote:
> On 6 Sep 2023, at 13:30, Ross Burton via lists.openembedded.org <ross.burton=arm....@lists.openembedded.org> wrote:
>>>> On 5 Sep 2023, at 08:29, Yuta Hayama <hay...@lineo.co.jp> wrote:
>>>>>
>>>>> affected_versions in kernel_cves.json does not mean "first affected
>>>>> version to last affected version" but actually "first affected version
>>>>> to fixed version". Therefore, the variable names, conditional
>>>>> expressions, and CVE_STATUS descriptions should be fixed.
>>>>
>>>> I’m happy to believe you on this, but do you have a source?
>>>
>>> Unfortunately, I have not found any official explanation for this. All I
>>> know is what I wrote in the following message. And that is what I have
>>> been able to confirm empirically.
>>>
>>> https://lists.openembedded.org/g/openembedded-core/message/186994
>>
>> Based on that evidence you appear to be right, yes.  I’ve just mailed the 
>> maintainer of the JSON to see if he’d like to make a statement either way.
> 
> I got a reply:
> 
> "The code takes the breaking_cmt to fixing_cmt. So it would be First Affected
> version to First Fixed version in the mainline."
> 
> Yes, you’re correct.

Thank you, Ross.
I am relieved to hear that I was not mistaken.

Also, thank you to the maintainers for applying the patch to the master.


Yuta Hayama