| Message ID | 20251230142902.730667-9-skandigraun@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-python,01/10] python3-simplejson: set CVE_PRODUCT | expand |
diff --git a/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb b/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb index d23347878e..37675f1b63 100644 --- a/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb +++ b/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb @@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e4b56d2c9973d8cf54655555be06e551" SRC_URI[sha256sum] = "3cc5772eb20009233caf06e9d8a0577824723b44e6648ee0a2aedb6cf9381953" PYPI_PACKAGE = "pyjwt" +CVE_PRODUCT = "pyjwt" inherit pypi python_setuptools_build_meta RDEPENDS:${PN} = "\
The relevant CVEs are tracked using pyjwt_project:pyjwt CPE, so the defauly python:pyjwt CPE doesn't match them. See CVE db query: sqlite> select * from products where PRODUCT like '%pyjwt%'; CVE-2017-11424|pyjwt_project|pyjwt|||1.5.0|<= CVE-2022-29217|pyjwt_project|pyjwt|1.5.0|>=|2.4.0|< CVE-2024-53861|pyjwt_project|pyjwt|2.10.0|=|| CVE-2025-45768|pyjwt_project|pyjwt|2.10.1|=|| Set the CVE_PRODUCT so it matches relevant CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb | 1 + 1 file changed, 1 insertion(+)