Message ID | 20240926110103.29905-1-s-tokumoto@fujitsu.com |
---|---|
State | Under Review |
Headers | show |
Series | python3-setuptools: Add "python:setuptools" to CVE_PRODUCT | expand |
diff --git a/meta/recipes-devtools/python/python3-setuptools_72.1.0.bb b/meta/recipes-devtools/python/python3-setuptools_72.1.0.bb index 945d443aff..5a01111934 100644 --- a/meta/recipes-devtools/python/python3-setuptools_72.1.0.bb +++ b/meta/recipes-devtools/python/python3-setuptools_72.1.0.bb @@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=141643e11c48898150daa83802dbc65f" inherit pypi python_setuptools_build_meta +CVE_PRODUCT = "python3-setuptools python:setuptools" + SRC_URI:append:class-native = " file://0001-conditionally-do-not-fetch-code-by-easy_install.patch" SRC_URI += " \
Since there are vulnerabilities that cannot be detected by the existing CVE_PRODUCT, add "python:setuptools" to CVE_PRODUCT. https://nvd.nist.gov/vuln/detail/CVE-2013-1633 https://nvd.nist.gov/vuln/detail/CVE-2022-40897 Signed-off-by: Shunsuke Tokumoto <s-tokumoto@fujitsu.com> --- meta/recipes-devtools/python/python3-setuptools_72.1.0.bb | 2 ++ 1 file changed, 2 insertions(+)