[7/8] python3-requests: set status for CVE-2024-35195

Message ID	20260426120253.825060-7-peter.marko@siemens.com
State	Under Review
Headers	show Return-Path: <peter.marko@siemens.com> ip: 185.136.65.225, mailfrom: fm-256628-20260426120349a97f094d4d000207d5-w0x9by@rts-flowmailer.siemens.com) From: Peter Marko <peter.marko@siemens.com> To: openembedded-core@lists.openembedded.org Cc: Peter Marko <peter.marko@siemens.com> Subject: [PATCH 7/8] python3-requests: set status for CVE-2024-35195 Date: Sun, 26 Apr 2026 14:02:52 +0200 Message-ID: <20260426120253.825060-7-peter.marko@siemens.com> In-Reply-To: <20260426120253.825060-1-peter.marko@siemens.com> References: <20260426120253.825060-1-peter.marko@siemens.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit Feedback-ID: 519:519-256628:519-21489:flowmailer
Series	[1/8] harfbuzz: set status for CVE-2024-56732 \| expand [1/8] harfbuzz: set status for CVE-2024-56732 [2/8] gnutls: set status for CVE-2026-1584 [3/8] cve-extra-exclusions: ignore CVE-2019-2708 [4/8] bind: set status for CVE-2017-3139 [5/8] base-files: set status for CVE-2018-6557 [6/8] rsync: set status for CVE-2024-12084 [7/8] python3-requests: set status for CVE-2024-35195 [8/8] python3-requests: set status for CVE-2024-47081

Message ID

20260426120253.825060-7-peter.marko@siemens.com

State

Under Review

Headers

From: Peter Marko <peter.marko@siemens.com>
To: openembedded-core@lists.openembedded.org
Cc: Peter Marko <peter.marko@siemens.com>
Subject: [PATCH 7/8] python3-requests: set status for CVE-2024-35195
Date: Sun, 26 Apr 2026 14:02:52 +0200
Message-ID: <20260426120253.825060-7-peter.marko@siemens.com>
In-Reply-To: <20260426120253.825060-1-peter.marko@siemens.com>
References: <20260426120253.825060-1-peter.marko@siemens.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Feedback-ID: 519:519-256628:519-21489:flowmailer

Series

[1/8] harfbuzz: set status for CVE-2024-56732 | expand

Commit Message

Peter Marko April 26, 2026, 12:02 p.m. UTC

From: Peter Marko <peter.marko@siemens.com>

NVD [1] does not have CPE set.
Debian [2] shows comit from v2.32.0 as fix.

cvelistV5 [3] also says "< 2.32.0", posibly "defaultStatus": "unknown"
is causing it to appear in CVE metrics...

[1] https://nvd.nist.gov/vuln/detail/CVE-2024-35195
[2] https://security-tracker.debian.org/tracker/CVE-2024-35195
[3] https://github.com/CVEProject/cvelistV5/blob/main/cves/2024/35xxx/CVE-2024-35195.json

Signed-off-by: Peter Marko <peter.marko@siemens.com>
---
 meta/recipes-devtools/python/python3-requests_2.32.5.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-devtools/python/python3-requests_2.32.5.bb b/meta/recipes-devtools/python/python3-requests_2.32.5.bb
index 0eb9765b63..afcf1a99b3 100644
--- a/meta/recipes-devtools/python/python3-requests_2.32.5.bb
+++ b/meta/recipes-devtools/python/python3-requests_2.32.5.bb
@@ -32,3 +32,5 @@  FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/pyth
 CVE_PRODUCT = "requests"
 
 BBCLASSEXTEND = "native nativesdk"
+
+CVE_STATUS[CVE-2024-35195] = "fixed-version: fixed since 2.32.0"

[7/8] python3-requests: set status for CVE-2024-35195

Commit Message

Patch