From bd7102d96304b02ff09077edc16f5f60bd784c8b Mon Sep 17 00:00:00 2001
From: Ales Raszka
Date: Wed, 2 Jan 2019 14:27:08 +0100
Subject: [PATCH] Vulnsrc rhel: handle "none" CVE impact

Some RHEL CVEs [1] contains "none" string in impact field. This is throwing warning message when fetching vulnerabilities. The new code handles this case and it uses advisory severity instead.
[1] https://www.redhat.com/security/data/oval/com.redhat.rhsa-20080038.xml
---
 ext/vulnsrc/rhel/rhel.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/ext/vulnsrc/rhel/rhel.go b/ext/vulnsrc/rhel/rhel.go
index d0ed6e41..e67e4bcf 100644
--- a/ext/vulnsrc/rhel/rhel.go
+++ b/ext/vulnsrc/rhel/rhel.go
@@ -221,7 +221,7 @@ func parseRHSA(ovalReader io.Reader) (vulnerabilities []database.VulnerabilityWi
 for _, currentCve := range definition.Cves {
 vulnerability.Name = currentCve.ID
 vulnerability.Link = currentCve.Href
- if currentCve.Impact != "" {
+ if currentCve.Impact != "" && currentCve.Impact != "none" {
 vulnerability.Severity = severity(currentCve.Impact)
 } else {
 vulnerability.Severity = severity(definition.Severity)
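Review bot: The added guard `currentCve.Impact != "none"` is an exact, case-sensitive match, so a feed value such as `None` or one padded with whitespace would still reach `severity(currentCve.Impact)` and presumably trigger the same warning. Consider normalising before the comparison, e.g. `impact := strings.ToLower(strings.TrimSpace(currentCve.Impact))` followed by `if impact != "" && impact != "none" {` (this assumes `strings` is already imported in rhel.go, which the hunk does not show). A short comment above the branch, such as `// Impact "none" carries no rating; fall back to the advisory severity.`, would also help, because the fallback can give a CVE the advisory's higher rating and that changes how scan results are triaged. The enclosing `parseRHSA` loop starts and ends outside this hunk.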