Skip to content

Commit

Permalink
fix: fix xerces CPE ID
Browse files Browse the repository at this point in the history 
apache:xerces-c has been deprecated in favor of apache-xerces-c\+\+
since February 2023:

<cpe-item name="cpe:/a:apache:xerces-c:3.1.1" deprecated="true" deprecation_date="2023-02-05T21:10:01.860Z">
      <reference href="https://marc.info/?l=xerces-c-users&amp;m=157653840106914&amp;w=2">Advisory</reference>
      <reference href="https://xerces.apache.org/xerces-c/releases_archive.html">Version</reference>
    <cpe-23:cpe23-item name="cpe:2.3:a:apache:xerces-c:3.1.1:*:*:*:*:*:*:*">
        <cpe-23:deprecated-by name="cpe:2.3:a:apache:xerces-c\+\+:3.1.1:*:*:*:*:*:*:*" type="NAME_CORRECTION"/>

Signed-off-by: Fabrice Fontaine <fabrice.fontaine@orange.com>
  • Loading branch information
@ffontaine
ffontaine committed Apr 24, 2023
1 parent 54da5b0 commit 07cd461
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 4 deletions.
4 changes: 2 additions & 2 deletions cve_bin_tool/checkers/xerces.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
CVE checker for libxerces
References:
http://www.cvedetails.com/vulnerability-list/vendor_id-45/product_id-4103/Apache-Xerces-c-.html
https://nvd.nist.gov/products/cpe/search/results?namingFormat=2.3&orderBy=2.3&keyword=cpe%3A2.3%3Aa%3Aapache%3Axerces-c%5C%2B%5C%2B&status=FINAL
RSS feed: http://www.cvedetails.com/vulnerability-feed.php?vendor_id=45&product_id=4103&version_id=&orderby=2&cvssscoremin=0
"""
Expand All @@ -20,4 +20,4 @@ class XercesChecker(Checker):
r"\/xerces-c-src_([0-9]+_[0-9]+_[0-9]+)\/",
r"xercesc_([0-9]+\_[0-9]+):",
]
VENDOR_PRODUCT = [("apache", "xerces-c")]
VENDOR_PRODUCT = [("apache", "xerces-c\+\+")]
4 changes: 2 additions & 2 deletions test/test_data/xerces.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,7 +3,7 @@

mapping_test_data = [
{
"product": "xerces-c",
"product": "xerces-c\+\+",
"version": "3.1.1",
"version_strings": ["/xerces-c-src_3_1_1/"],
}
Expand All @@ -12,7 +12,7 @@
{
"url": "http://mirror.centos.org/centos/7/os/x86_64/Packages/",
"package_name": "xerces-c-3.1.1-10.el7_7.x86_64.rpm",
"product": "xerces-c",
"product": "xerces-c\+\+",
"version": "3.1",
}
]

0 comments on commit 07cd461

Please sign in to comment.