[meta-python,2/4] python3-py: ignore CVE-2022-42969

Message ID	20260119175505.777598-2-skandigraun@gmail.com
State	Under Review
Headers	show Return-Path: <skandigraun@gmail.com> ip: 209.85.128.46, mailfrom: skandigraun@gmail.com) From: Gyorgy Sarvari <skandigraun@gmail.com> To: openembedded-devel@lists.openembedded.org Subject: [meta-python][PATCH 2/4] python3-py: ignore CVE-2022-42969 Date: Mon, 19 Jan 2026 18:55:03 +0100 Message-ID: <20260119175505.777598-2-skandigraun@gmail.com> In-Reply-To: <20260119175505.777598-1-skandigraun@gmail.com> References: <20260119175505.777598-1-skandigraun@gmail.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit
Series	[meta-python,1/4] python3-werkzeug: upgrade 3.1.4 -> 3.1.5 \| expand [meta-python,1/4] python3-werkzeug: upgrade 3.1.4 -> 3.1.5 [meta-python,2/4] python3-py: ignore CVE-2022-42969 [meta-python,3/4] python3-lief: upgrade 0.17.1 -> 0.17.2 [meta-python,4/4] python3-lief: mark CVE-2025-15504 patched

Message ID

20260119175505.777598-2-skandigraun@gmail.com

State

Under Review

Headers

From: Gyorgy Sarvari <skandigraun@gmail.com>
To: openembedded-devel@lists.openembedded.org
Subject: [meta-python][PATCH 2/4] python3-py: ignore CVE-2022-42969
Date: Mon, 19 Jan 2026 18:55:03 +0100
Message-ID: <20260119175505.777598-2-skandigraun@gmail.com>
In-Reply-To: <20260119175505.777598-1-skandigraun@gmail.com>
References: <20260119175505.777598-1-skandigraun@gmail.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit

Series

[meta-python,1/4] python3-werkzeug: upgrade 3.1.4 -> 3.1.5 | expand

Commit Message

Gyorgy Sarvari Jan. 19, 2026, 5:55 p.m. UTC

Details: https://nvd.nist.gov/vuln/detail/CVE-2022-42969

Upstream could not reproduce the issue.
The vulnerability has currently the "disputed" flag in the NVD database,
and Github has revoked their related advisory[1].

Ignore this CVE due to this.

[1]: https://github.com/advisories/GHSA-w596-4wvx-j9j6

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
---
 meta-python/recipes-devtools/python/python3-py_1.11.0.bb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/meta-python/recipes-devtools/python/python3-py_1.11.0.bb b/meta-python/recipes-devtools/python/python3-py_1.11.0.bb
index 143f7ec555..61f3873b4c 100644
--- a/meta-python/recipes-devtools/python/python3-py_1.11.0.bb
+++ b/meta-python/recipes-devtools/python/python3-py_1.11.0.bb
@@ -6,6 +6,7 @@  LIC_FILES_CHKSUM = "file://LICENSE;md5=a6bb0320b04a0a503f12f69fea479de9"
 SRC_URI[sha256sum] = "51c75c4126074b472f746a24399ad32f6053d1b34b68d2fa41e558e6f4a98719"
 
 CVE_PRODUCT = "py"
+CVE_STATUS[CVE-2022-42969] = "disputed: upstream could not reproduce it, github also revoked the advisory"
 
 DEPENDS += "python3-setuptools-scm-native"

[meta-python,2/4] python3-py: ignore CVE-2022-42969

Commit Message

Patch