diff mbox series

[meta-python,scarthgap] python3-ecdsa: set CVE_PRODUCT

Message ID 20260508040611.1763324-1-hjadon@cisco.com
State New
Headers show
Series [meta-python,scarthgap] python3-ecdsa: set CVE_PRODUCT | expand

Commit Message

Himanshu Jadon -X (hjadon - E INFOCHIPS PRIVATE LIMITED at Cisco) May 8, 2026, 4:06 a.m. UTC 
From: Gyorgy Sarvari <skandigraun@gmail.com>

Set the correct CVE_PRODUCT value, the default python: ecdsa doesn't
match relevant entries.

The correct values were taken from the CVE db, by checking which CVEs
are relevant.

See CVE db query:
sqlite> select * from products where product like '%ecdsa%';
CVE-2019-14853|python-ecdsa_project|python-ecdsa|||0.13.3|<
CVE-2019-14859|python-ecdsa_project|python-ecdsa|||0.13.3|<
CVE-2020-12607|antonkueltz|fastecdsa|||2.1.2|<
CVE-2021-43568|starkbank|elixir_ecdsa|1.0.0|=||
CVE-2021-43569|starkbank|ecdsa-dotnet|1.3.2|=||
CVE-2021-43570|starkbank|ecdsa-java|1.0.0|=||
CVE-2021-43571|starkbank|ecdsa-node|1.1.2|=||
CVE-2021-43572|starkbank|ecdsa-python|||2.0.1|<
CVE-2022-24884|ecdsautils_project|ecdsautils|||0.4.1|<
CVE-2024-21502|antonkueltz|fastecdsa|||2.3.2|<
CVE-2024-23342|tlsfuzzer|ecdsa|||0.18.0|<=

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 7f962ef1557a291545646470c03fd9c4a23eb7d9)
Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
---
 meta-python/recipes-devtools/python/python3-ecdsa_0.19.0.bb | 2 ++
 1 file changed, 2 insertions(+)
diff mbox series

Patch

diff --git a/meta-python/recipes-devtools/python/python3-ecdsa_0.19.0.bb b/meta-python/recipes-devtools/python/python3-ecdsa_0.19.0.bb
index 0ae93fe3d9..1ec81d26f9 100644
--- a/meta-python/recipes-devtools/python/python3-ecdsa_0.19.0.bb
+++ b/meta-python/recipes-devtools/python/python3-ecdsa_0.19.0.bb
@@ -13,6 +13,8 @@  SRC_URI += " \
 	file://CVE-2026-33936.patch \
 "
 
+CVE_PRODUCT = "python-ecdsa_project:python-ecdsa tlsfuzzer:ecdsa"
+
 RDEPENDS:${PN}-ptest += " \
 	python3-hypothesis \
 	python3-pytest \