diff mbox series

[v2,2/4] python3-ply: set CVE_PRODUCT

Message ID 20260713234417.4071754-2-mark.yang@lge.com
State Under Review
Headers show
Series [v2,1/4] python3-cryptography: set CVE_PRODUCT | expand

Commit Message

mark.yang July 13, 2026, 11:44 p.m. UTC
From: "mark.yang" <mark.yang@lge.com>

NVD registers ply as dabeaz:ply, so the default python:ply vendor
prefix never matches and no CVEs are reported. Use the exact
vendor:product pair.

CVE-2025-56005 will then show as unpatched; no fixed release exists.

Suggested-by: Paul Barker <paul@pbarker.dev>
Signed-off-by: mark.yang <mark.yang@lge.com>
---
v2: use exact vendor:product pair; drop CVE_STATUS

 meta/recipes-devtools/python/python3-ply_3.11.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-devtools/python/python3-ply_3.11.bb b/meta/recipes-devtools/python/python3-ply_3.11.bb
index 2c5fa3f215..06393ac4fe 100644
--- a/meta/recipes-devtools/python/python3-ply_3.11.bb
+++ b/meta/recipes-devtools/python/python3-ply_3.11.bb
@@ -14,4 +14,6 @@  RDEPENDS:${PN}:class-target += "\
     python3-shell \
 "
 
+CVE_PRODUCT = "dabeaz:ply"
+
 BBCLASSEXTEND = "native nativesdk"