[OE-core] [PATCHv3 1/2] cve-check-tool: Add recipe
Mariano Lopez
mariano.lopez at linux.intel.com
Mon Jul 18 22:04:36 UTC 2016
On 07/12/2016 05:19 PM, akuster808 wrote:
> Mariano,
>
>
> On 07/11/2016 05:52 AM, mariano.lopez at linux.intel.com wrote:
>> From: Mariano Lopez <mariano.lopez at linux.intel.com>
>>
>> cve-check-tool is a program for public CVEs checking.
>> This tool also seek to determine if a vulnerability has
>> been addressed by a patch.
> By tool do you mean the "cve-check-tool"? All the Nvd DB can tell you if
> an CVE has been assigned, anything more than that is not guaranteed.
>
> Look at https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-5320
Sorry for the confusion, here I was referring to patches in OE that
address the CVE, the class will look for the CVE tag for this.
>
>> The recipe also includes the do_populate_cve_db task
>> that will populate the database used by the tool.
> This DB is big. May want to add a note to that affect. Maybe a note
> about how to share the DB across builds like with the AB.
You are right, the DB is big and it will take some time to download. By
default the tool will download the DB to DL_DIR, so if you have this dir
shared, it will be downloaded just one time, and incremental updates later.
>
> time for me to play with this.
>
> Thanks for driving this.
Glad to be helping with this.
> regards,
> Armin
>
Mariano
More information about the Openembedded-core
mailing list