diff mbox series

[wrynose,12/52] python3-requests: set status for CVE-2024-35195

Message ID 8e6c1d6aa752e5064b7ea8e3818ddcf52a735458.1778198557.git.yoann.congal@smile.fr
State New
Headers show
Series [wrynose,01/52] shadow: set CVE_PRODUCT | expand

Commit Message

Yoann Congal May 8, 2026, 7:11 a.m. UTC 
From: Peter Marko <peter.marko@siemens.com>

NVD [1] does not have CPE set.
Debian [2] shows comit from v2.32.0 as fix.

cvelistV5 [3] also says "< 2.32.0", posibly "defaultStatus": "unknown"
is causing it to appear in CVE metrics...

[1] https://nvd.nist.gov/vuln/detail/CVE-2024-35195
[2] https://security-tracker.debian.org/tracker/CVE-2024-35195
[3] https://github.com/CVEProject/cvelistV5/blob/main/cves/2024/35xxx/CVE-2024-35195.json

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
(cherry picked from commit 7cef5ee0b5ce16c7dfbb836c95f41a0b7c5a82eb)
Signed-off-by: Yoann Congal <yoann.congal@smile.fr>
---
 meta/recipes-devtools/python/python3-requests_2.32.5.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta/recipes-devtools/python/python3-requests_2.32.5.bb b/meta/recipes-devtools/python/python3-requests_2.32.5.bb
index 0eb9765b633..afcf1a99b36 100644
--- a/meta/recipes-devtools/python/python3-requests_2.32.5.bb
+++ b/meta/recipes-devtools/python/python3-requests_2.32.5.bb
@@ -32,3 +32,5 @@  FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/pyth
 CVE_PRODUCT = "requests"
 
 BBCLASSEXTEND = "native nativesdk"
+
+CVE_STATUS[CVE-2024-35195] = "fixed-version: fixed since 2.32.0"