diff options
| author | Michael Opdenacker <michael.opdenacker@bootlin.com> | 2023-10-27 19:45:43 +0200 |
|---|---|---|
| committer | Richard Purdie <richard.purdie@linuxfoundation.org> | 2023-10-31 13:12:06 +0000 |
| commit | 6fb4c79030e9eb6ac18660e30cfce8227a0d204b (patch) | |
| tree | aa10a20b680a817bd4b6f917c82915d2dd83b98e /documentation | |
| parent | 1e1d892699dd27acdf961553f9b04cd36c9698f2 (diff) | |
| download | poky-6fb4c79030e9eb6ac18660e30cfce8227a0d204b.tar.gz | |
manuals: improve description of CVE_STATUS and CVE_STATUS_GROUPS
- Mention CVE_STATUS_GROUPS in the development manual
(otherwise only present in the reference manual, but with
no reference to it)
- In the reference manual description of CVE_STATUS,
link back to the development manual, to provide context.
(From yocto-docs rev: cfef5fe41b6c819e783c88829448ae38141650a5)
Signed-off-by: Michael Opdenacker <michael.opdenacker@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
Diffstat (limited to 'documentation')
| -rw-r--r-- | documentation/dev-manual/vulnerabilities.rst | 3 | ||||
| -rw-r--r-- | documentation/ref-manual/variables.rst | 3 |
2 files changed, 5 insertions, 1 deletions
diff --git a/documentation/dev-manual/vulnerabilities.rst b/documentation/dev-manual/vulnerabilities.rst index 71111bb3e2..c492b62ffd 100644 --- a/documentation/dev-manual/vulnerabilities.rst +++ b/documentation/dev-manual/vulnerabilities.rst | |||
| @@ -164,6 +164,9 @@ the :term:`CVE_STATUS` variable flag with appropriate reason which is mapped to | |||
| 164 | As mentioned previously, if data in the CVE database is wrong, it is recommend to fix those | 164 | As mentioned previously, if data in the CVE database is wrong, it is recommend to fix those |
| 165 | issues in the CVE database directly. | 165 | issues in the CVE database directly. |
| 166 | 166 | ||
| 167 | Note that if there are many CVEs with the same status and reason, those can be | ||
| 168 | shared by using the :term:`CVE_STATUS_GROUPS` variable. | ||
| 169 | |||
| 167 | Recipes can be completely skipped by CVE check by including the recipe name in | 170 | Recipes can be completely skipped by CVE check by including the recipe name in |
| 168 | the :term:`CVE_CHECK_SKIP_RECIPE` variable. | 171 | the :term:`CVE_CHECK_SKIP_RECIPE` variable. |
| 169 | 172 | ||
diff --git a/documentation/ref-manual/variables.rst b/documentation/ref-manual/variables.rst index ef4d6a0534..2d875c984d 100644 --- a/documentation/ref-manual/variables.rst +++ b/documentation/ref-manual/variables.rst | |||
| @@ -1724,7 +1724,8 @@ system and gives an overview of their function and contents. | |||
| 1724 | 1724 | ||
| 1725 | It has the format "reason: description" and the description is optional. | 1725 | It has the format "reason: description" and the description is optional. |
| 1726 | The Reason is mapped to the final CVE state by mapping via | 1726 | The Reason is mapped to the final CVE state by mapping via |
| 1727 | :term:`CVE_CHECK_STATUSMAP` | 1727 | :term:`CVE_CHECK_STATUSMAP`. See :ref:`dev-manual/vulnerabilities:fixing vulnerabilities in recipes` |
| 1728 | for details. | ||
| 1728 | 1729 | ||
| 1729 | :term:`CVE_STATUS_GROUPS` | 1730 | :term:`CVE_STATUS_GROUPS` |
| 1730 | If there are many CVEs with the same status and reason, they can by simplified by using this | 1731 | If there are many CVEs with the same status and reason, they can by simplified by using this |