@@ -62,18 +62,18 @@ do_cve_check[prefuncs] += "check_kernel_cve_status_version"
continue
affected = data["affected_versions"]
- first_affected, last_affected = re.search(r"(.+) to (.+)", affected).groups()
+ first_affected, fixed = re.search(r"(.+) to (.+)", affected).groups()
first_affected = parse_version(first_affected)
- last_affected = parse_version(last_affected)
+ fixed = parse_version(fixed)
handled = False
- if not last_affected:
+ if not fixed:
print(f"# {cve} has no known resolution")
elif first_affected and version < first_affected:
print(f"# fixed-version: only affects {first_affected} onwards")
handled = True
- elif last_affected < version:
- print(f"# fixed-version: Fixed after version {last_affected}")
+ elif fixed <= version:
+ print(f"# fixed-version: Fixed from version {fixed}")
handled = True
else:
if cve in stream_data:
@@ -87,9 +87,9 @@ do_cve_check[prefuncs] += "check_kernel_cve_status_version"
# TODO print a note that the kernel needs bumping
print(f"# {cve} needs backporting (fixed from {backport_ver})")
else:
- print(f"# {cve} needs backporting (fixed from {last_affected})")
+ print(f"# {cve} needs backporting (fixed from {fixed})")
else:
- print(f"# {cve} needs backporting (fixed from {last_affected})")
+ print(f"# {cve} needs backporting (fixed from {fixed})")
if handled:
print(f'CVE_CHECK_IGNORE += "{cve}"')