From: Pierre Le Magourou <lemagoup@gmail.com>
To: Kevin Weng <t-keweng@microsoft.com>
Cc: "openembedded-core@lists.openembedded.org"
<openembedded-core@lists.openembedded.org>
Subject: Re: [PATCH 1/4] cve-update-db: New recipe to update CVE database
Date: Wed, 10 Jul 2019 13:17:18 +0200 [thread overview]
Message-ID: <CAEz4NHp-v2+xapjeJULXZiHpM=V1JiC2rCGmEuo7+fHBzN5Csg@mail.gmail.com> (raw)
In-Reply-To: <DM5PR2101MB09676734C5E89ADA88372B358DF10@DM5PR2101MB0967.namprd21.prod.outlook.com>
Hi Kevin,
> I found that the hash function is causing collisions in the generated database such that some CVEs are being overwritten because of the UNIQUE constraint on the HASH column. For example, CVE-2018-1000873 has the same hash of 623198722 as CVE-2018-18338. This results in one of the two CVEs not appearing in the database.
This is problematic. I kept using djb2 hash function, because it was
the one used in the previous cve-check-tool and it was fast. But it
might not be the right hash function to use. Do you have a better hash
function in mind ?
I can also drop hash function, remove everything from the database and
recreate all entries at each update but it will increase database
update time.
I don't have the same hash as you for CVE-2018-1000873 and
CVE-2018-18338, do you use my latest patches from master ? I did
several changes recently.
Pierre Le Magourou
next prev parent reply other threads:[~2019-07-10 11:17 UTC|newest]
Thread overview: 18+ messages / expand[flat|nested] mbox.gz Atom feed top
2019-07-09 23:58 [PATCH 1/4] cve-update-db: New recipe to update CVE database Kevin Weng
2019-07-10 11:17 ` Pierre Le Magourou [this message]
-- strict thread matches above, loose matches on Subject: below --
2019-06-19 13:59 Pierre Le Magourou
2019-06-19 20:21 ` Adrian Bunk
2019-06-20 9:36 ` Pierre Le Magourou
2019-06-21 11:03 ` Mikko.Rapeli
2019-06-21 11:42 ` Alexander Kanavin
2019-06-21 11:48 ` Mikko.Rapeli
2019-06-21 12:03 ` Alexander Kanavin
2019-06-21 12:15 ` Mikko.Rapeli
2019-06-21 12:29 ` Burton, Ross
2019-06-21 13:01 ` Mikko.Rapeli
2019-06-25 8:48 ` Pierre Le Magourou
2019-06-25 12:54 ` Burton, Ross
2019-06-24 8:32 ` Pierre Le Magourou
2019-06-24 9:46 ` Burton, Ross
2019-06-27 7:31 ` Richard Purdie
2019-06-27 9:10 ` Pierre Le Magourou
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAEz4NHp-v2+xapjeJULXZiHpM=V1JiC2rCGmEuo7+fHBzN5Csg@mail.gmail.com' \
--to=lemagoup@gmail.com \
--cc=openembedded-core@lists.openembedded.org \
--cc=t-keweng@microsoft.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.