[meta-python,10/10] python3-supervisor: set CVE_PRODUCT

Message ID	20251230142902.730667-10-skandigraun@gmail.com
State	New
Headers	show Return-Path: <skandigraun@gmail.com> ip: 209.85.128.46, mailfrom: skandigraun@gmail.com) From: Gyorgy Sarvari <skandigraun@gmail.com> To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 10/10] python3-supervisor: set CVE_PRODUCT Date: Tue, 30 Dec 2025 15:29:02 +0100 Message-ID: <20251230142902.730667-10-skandigraun@gmail.com> In-Reply-To: <20251230142902.730667-1-skandigraun@gmail.com> References: <20251230142902.730667-1-skandigraun@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-python,01/10] python3-simplejson: set CVE_PRODUCT \| expand [meta-python,01/10] python3-simplejson: set CVE_PRODUCT [meta-python,02/10] python3-ldap: set CVE_PRODUCT [meta-python,03/10] python3-twisted: set CVE_PRODUCT [meta-python,04/10] python3-m2crypto: set CVE_PRODUCT [meta-python,05/10] python3-ipython: set CVE_PRODUCT [meta-python,06/10] python3-tqdm: set CVE_PRODUCT [meta-python,07/10] python3-werkzeug: set CVE_PRODUCT [meta-python,08/10] python3-html5lib: set CVE_PRODUCT [meta-python,09/10] python3-pyjwt: set CVE_PRODUCT [meta-python,10/10] python3-supervisor: set CVE_PRODUCT

Message ID

20251230142902.730667-10-skandigraun@gmail.com

State

New

Headers

From: Gyorgy Sarvari <skandigraun@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [meta-python][PATCH 10/10] python3-supervisor: set CVE_PRODUCT
Date: Tue, 30 Dec 2025 15:29:02 +0100
Message-ID: <20251230142902.730667-10-skandigraun@gmail.com>
In-Reply-To: <20251230142902.730667-1-skandigraun@gmail.com>
References: <20251230142902.730667-1-skandigraun@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-python,01/10] python3-simplejson: set CVE_PRODUCT | expand

Commit Message

Gyorgy Sarvari Dec. 30, 2025, 2:29 p.m. UTC

This recipe's CVEs are tracked using supervisord:supervisor CPE by nist,
so the default python:supervisor CPE doesn't match relevant CVEs.

See CVE db query (home-assisstant vendor is not relevant):
sqlite> select * from products where PRODUCT like 'supervisor';
CVE-2017-11610|supervisord|supervisor|||3.0|<=
CVE-2017-11610|supervisord|supervisor|3.1.0|=||
CVE-2017-11610|supervisord|supervisor|3.1.1|=||
CVE-2017-11610|supervisord|supervisor|3.1.2|=||
CVE-2017-11610|supervisord|supervisor|3.1.3|=||
CVE-2017-11610|supervisord|supervisor|3.2.0|=||
CVE-2017-11610|supervisord|supervisor|3.2.1|=||
CVE-2017-11610|supervisord|supervisor|3.2.2|=||
CVE-2017-11610|supervisord|supervisor|3.2.3|=||
CVE-2017-11610|supervisord|supervisor|3.3.0|=||
CVE-2017-11610|supervisord|supervisor|3.3.1|=||
CVE-2017-11610|supervisord|supervisor|3.3.2|=||
CVE-2019-12105|supervisord|supervisor|||4.0.2|<=
CVE-2023-27482|home-assistant|supervisor|||2023.03.1|<

Set the CVE_PRODUCT explicitly to match relevant CVEs.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-python/recipes-devtools/python/python3-supervisor_4.3.0.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-python/recipes-devtools/python/python3-supervisor_4.3.0.bb b/meta-python/recipes-devtools/python/python3-supervisor_4.3.0.bb
index ed5f5d22f2..d504298914 100644
--- a/meta-python/recipes-devtools/python/python3-supervisor_4.3.0.bb
+++ b/meta-python/recipes-devtools/python/python3-supervisor_4.3.0.bb
@@ -9,6 +9,7 @@  LIC_FILES_CHKSUM = "file://LICENSES.txt;md5=5b4e3a2172bba4c47cded5885e7e507e"
 
 SRC_URI[sha256sum] = "4a2bf149adf42997e1bb44b70c43b613275ec9852c3edacca86a9166b27e945e"
 
+CVE_PRODUCT = "supervisord:supervisor"
 PYPI_PACKAGE = "supervisor"
 inherit pypi systemd setuptools3
 RDEPENDS:${PN} = "\

[meta-python,10/10] python3-supervisor: set CVE_PRODUCT

Commit Message

Patch