Hello,

On Wed Mar 18, 2026 at 6:39 AM CET, Het Patel via lists.openembedded.org wrote:
> From: Het Patel <[email protected]>
>
> The patches address the following bugs:
>
> 1. Incomplete CVE Assessment Details: Currently, the `detail` field is
> missing for approximately 81% of entries, rendering reports unreliable for
> auditing. These changes ensure that the rationale for a "Patched" or
> "Unpatched" assessment is properly recorded, allowing for a clear distinction
> between version-based assessments and missing data.
>
> 2. Runtime Warnings: Corrects four instances where debug calls were missing
> the required log level parameter. This change eliminates the runtime warnings
> that currently trigger during every CVE scan.

I appreciate that you trimmed down your previous try to clean up CVE checking
code[0]. But I still feel like it is too intrusive for stable inclusion.

Can you please provide examples of some CVEs having "Incomplete CVE Assessment
Details:" so I can understand the problem?

> Testing:
> - Applied cleanly to the current `scarthgap` HEAD.
> - Verified via a full CVE scan.
> - Confirmed that all existing CVE statuses are preserved with no regressions
> observed.

Can you provide output (log+json) both before/after to verify this claim?

Thanks!

[0]: https://lore.kernel.org/openembedded-core/[email protected]/#r

> Het Patel (4):
>   cve-check: encode affected product/vendor in CVE_STATUS
>   cve-check: annotate CVEs during analysis
>   cve-check-map: add new statuses
>   cve-check: fix debug message
>
>  meta/classes/cve-check.bbclass | 246 +++++++++++++++++++++--------------------
>  meta/conf/cve-check-map.conf   |   9 +
>  meta/lib/oe/cve_check.py       |  74 +++++++++---
>  3 files changed, 197 insertions(+), 132 deletions(-)

-- 
Yoann Congal
Smile ECS
