| Message ID | 20251230154903.736590-7-skandigraun@gmail.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-python,01/10] python-gunicorn: set CVE_PRODUCT | expand |
diff --git a/meta-python/recipes-devtools/python/python3-reportlab_4.4.5.bb b/meta-python/recipes-devtools/python/python3-reportlab_4.4.5.bb index 4c411d5716..3ea47e355b 100644 --- a/meta-python/recipes-devtools/python/python3-reportlab_4.4.5.bb +++ b/meta-python/recipes-devtools/python/python3-reportlab_4.4.5.bb @@ -6,6 +6,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=cf24392f451ff6710fca1e96cefa0424" SRC_URI[sha256sum] = "0457d642aa76df7b36b0235349904c58d8f9c606a872456ed04436aafadc1510" +CVE_PRODUCT = "reportlab" inherit pypi python_setuptools_build_meta BBCLASSEXTEND = "native nativesdk"
The relevant CVEs to this recipe are tracked using reportlab:reportlab CPE, which doesn't match the default python:reportlab CPE, so the cve-checker misses CVEs. See CVE db query: sqlite> select * from products where product like '%reportlab%'; CVE-2019-17626|reportlab|reportlab|||3.5.26|<=|0 CVE-2019-19450|reportlab|reportlab|||3.5.31|<|0 CVE-2020-28463|reportlab|reportlab|-||||0 CVE-2023-33733|reportlab|reportlab|||3.6.12|<=|0 Set CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- meta-python/recipes-devtools/python/python3-reportlab_4.4.5.bb | 1 + 1 file changed, 1 insertion(+)