| Message ID | 20260202163714.2359370-7-skandigraun@gmail.com |
|---|---|
| State | Under Review |
| Headers | show |
| Series | [meta-gnome,1/9] gimp: mark CVE-2025-15059 patched | expand |
diff --git a/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb b/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb index 37675f1b63..0a928dc2fa 100644 --- a/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb +++ b/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb @@ -9,6 +9,8 @@ SRC_URI[sha256sum] = "3cc5772eb20009233caf06e9d8a0577824723b44e6648ee0a2aedb6cf9 PYPI_PACKAGE = "pyjwt" CVE_PRODUCT = "pyjwt" +CVE_STATUS[CVE-2025-45768] = "disputed: vulnerability can be avoided if the library is used correctly" + inherit pypi python_setuptools_build_meta RDEPENDS:${PN} = "\
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-45768 The CVE is disputed: though the vulnerability is there, but it comes from incorrect configuration of the library by the main application. Due to this, ignore this CVE. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> --- meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb | 2 ++ 1 file changed, 2 insertions(+)