From 8efe8675ad7055ad4ba7eef1c53c62eff501acb9 Mon Sep 17 00:00:00 2001 From: Alexey Makhalov <amakhalov@vmware.com> Date: Thu, 22 Dec 2016 23:33:02 -0800 Subject: [PATCH 5/6] Concatenate update to the version for jdk/jre To have 1.8.0.102 instead of 1.8.0:update_102 for instance --- src/core.c | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/src/core.c b/src/core.c index d03f856..b3a72dd 100644 --- a/src/core.c +++ b/src/core.c @@ -285,6 +285,19 @@ static bool parse_vuln(char *cve_id, const xmlChar* inp, struct vulnerability_t if (len > 4) { version = g_strdup(splits[4]); } + + /* + * clue update to the version for jdk/jre to have 1.8.0.102 instead of + * 1.8.0:update_102 (CVE-2016-5582) + */ + if ((len > 5) && (strcmp(vendor, "oracle") == 0) && + ((strcmp(product, "jdk") == 0) || (strcmp(product, "jre") == 0)) && + (strncmp(splits[5], "update_", 7) == 0)) { + gchar *tmp = version; + version = g_strdup_printf("%s.%s", tmp, splits[5]+7); + g_free(tmp); + } + g_strfreev(splits); vuln->vendor = vendor; -- 2.10.1