[httpd-site] branch main updated: Always use root timeline for version matching, nix timearray

[hu...@apache.org]

This is an automated email from the ASF dual-hosted git repository.

humbedooh pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/httpd-site.git


The following commit(s) were added to refs/heads/main by this push:
     new 10e873a  Always use root timeline for version matching, nix timearray
10e873a is described below

commit 10e873a67512af856d117b699d3c04a7813a3e99
Author: Daniel Gruno <hu...@apache.org>
AuthorDate: Tue Jan 17 19:20:10 2023 +0100

    Always use root timeline for version matching, nix timearray
---
 content/security/cvejsontohtml.py | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

diff --git a/content/security/cvejsontohtml.py b/content/security/cvejsontohtml.py
index 946e240..7bb7651 100644
--- a/content/security/cvejsontohtml.py
+++ b/content/security/cvejsontohtml.py
@@ -40,15 +40,10 @@ for cve in cves:
     #print("%s: v%s" % (cve["_filename"], data_version), file=sys.stderr)
      
     if data_version == DEFAULT_CVE_DATA_VERSION:  # Old style CVE
-        timearray = cve["timeline"]
         cve["id"] = cve["CVE_data_meta"]["ID"]
     elif data_version == "5.0":  # Newer style JSON
-        if "timeline" in cve["containers"]["cna"]:
-            timearray = cve["containers"]["cna"]["timeline"]
-        else:
-            timearray = cve["timeline"]  # This should be in cna, but...meh
         cve["id"] = cve["cveMetadata"]["cveId"]
-    for time in timearray:
+    for time in cve["timeline"]:
         timed = time["value"]
         matcher = re_fixedin.match(timed);
         if (matcher and matcher.group('released').startswith(filterversion)):