| Message ID | 20260107113343.2238185-2-skandigraun@gmail.com |
|---|---|
| State | Under Review |
| Headers | show |
| Series | [meta-python,1/2] python3-m2crypto: ignore CVE-2009-0127 | expand |
diff --git a/meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb b/meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb index efb6c79fa7..e534d32028 100644 --- a/meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb +++ b/meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb @@ -13,6 +13,7 @@ SRC_URI += " \ " CVE_STATUS[CVE-2009-0127] = "disputed: upstream claims there is no bug" +CVE_STATUS[CVE-2020-25657] = "fixed-version: the used version (0.46.2) contains the fix already" inherit pypi siteinfo python_setuptools_build_meta
Details: https://nvd.nist.gov/vuln/detail/CVE-2020-25657 The commit[1] that fixes the vulnerability has been part of the package since version 0.39.0 [1]: https://git.sr.ht/~mcepl/m2crypto/commit/84c53958def0f510e92119fca14d74f94215827a Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb | 1 + 1 file changed, 1 insertion(+)