| Message ID | 20251230154903.736590-2-skandigraun@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-python,01/10] python-gunicorn: set CVE_PRODUCT | expand |
diff --git a/meta-python/recipes-devtools/python/python3-flask_3.1.2.bb b/meta-python/recipes-devtools/python/python3-flask_3.1.2.bb index de4a558bff..1b289c7227 100644 --- a/meta-python/recipes-devtools/python/python3-flask_3.1.2.bb +++ b/meta-python/recipes-devtools/python/python3-flask_3.1.2.bb @@ -8,6 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=ffeffa59c90c9c4a033c7574f8f3fb75" SRC_URI[sha256sum] = "bf656c15c80190ed628ad08cdfd3aaa35beb087855e2f494910aa3774cc4fd87" +CVE_PRODUCT = "flask" + inherit pypi python_flit_core ptest-python-pytest CLEANBROKEN = "1"
The default python:flask CPE doesn't match relevant CVE entries which are tracked under palletsprojects:flask CPE. See CVE db query: sqlite> select * from products where PRODUCT like 'flask'; CVE-2018-1000656|palletsprojects|flask|||0.12.3|< CVE-2019-1010083|palletsprojects|flask|||1.0|< CVE-2023-30861|palletsprojects|flask|||2.2.5|< CVE-2023-30861|palletsprojects|flask|2.3.0|>=|2.3.2|< Set the CVE_PRODUCT to "flask" so it matches relevant entries. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- meta-python/recipes-devtools/python/python3-flask_3.1.2.bb | 2 ++ 1 file changed, 2 insertions(+)