[3/3] cve-update-db-native: use SQL placeholders instead of format strings

Message ID 20190717104538.20990-3-ross.burton@intel.com
State New
Headers show
Series
  • [1/3] cve-check: allow comparison of Vendor as well as Product
Related show

Commit Message

Ross Burton July 17, 2019, 10:45 a.m.
Signed-off-by: Ross Burton <ross.burton@intel.com>

---
 meta/recipes-core/meta/cve-update-db-native.bb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

-- 
2.20.1

-- 
_______________________________________________
Openembedded-core mailing list
Openembedded-core@lists.openembedded.org
http://lists.openembedded.org/mailman/listinfo/openembedded-core

Patch

diff --git a/meta/recipes-core/meta/cve-update-db-native.bb b/meta/recipes-core/meta/cve-update-db-native.bb
index e16c41a72fd..72d1f48835b 100644
--- a/meta/recipes-core/meta/cve-update-db-native.bb
+++ b/meta/recipes-core/meta/cve-update-db-native.bb
@@ -62,7 +62,7 @@  python do_populate_cve_db() {
             break
 
         # Compare with current db last modified date
-        c.execute("select DATE from META where YEAR = '%d'" % year)
+        c.execute("select DATE from META where YEAR = ?", (year,))
         meta = c.fetchone()
         if not meta or meta[0] != last_modified:
             # Update db with current year json file