python3-aiohttp: mark fixed CVEs are patched

All these CVEs have been fixed already, the relevant NVD
reports mention it explicitly that 3.13.4 is fixed, along
with referencing the commit that fixes the respective
vulnerabilities. However each of these are tracked without
version info by NVD -.-

Due to this, mark them explicitly as patched.

Relevant reports:
https://nvd.nist.gov/vuln/detail/CVE-2026-22815
https://nvd.nist.gov/vuln/detail/CVE-2026-34513
https://nvd.nist.gov/vuln/detail/CVE-2026-34514
https://nvd.nist.gov/vuln/detail/CVE-2026-34515
https://nvd.nist.gov/vuln/detail/CVE-2026-34516
https://nvd.nist.gov/vuln/detail/CVE-2026-34517
https://nvd.nist.gov/vuln/detail/CVE-2026-34518
https://nvd.nist.gov/vuln/detail/CVE-2026-34519
https://nvd.nist.gov/vuln/detail/CVE-2026-34520
https://nvd.nist.gov/vuln/detail/CVE-2026-34525

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <khem.raj@oss.qualcomm.com>

1 files changed, 5 insertions, 0 deletions

diff --git a/meta-python/recipes-devtools/python/python3-aiohttp_3.13.5.bb b/meta-python/recipes-devtools/python/python3-aiohttp_3.13.5.bb
index 7e6f80102b..f3a0fbf557 100644
--- a/meta-python/recipes-devtools/python/python3-aiohttp_3.13.5.bb
+++ b/meta-python/recipes-devtools/python/python3-aiohttp_3.13.5.bb
@@ -7,6 +7,11 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=748073912af33aa59430d3702aa32d41"
 SRC_URI[sha256sum] = "9d98cc980ecc96be6eb4c1994ce35d28d8b1f5e5208a23b421187d1209dbb7d1"
 
 CVE_PRODUCT = "aiohttp"
+CVE_STATUS_GROUPS = "CVE_AIOHTTP_FIX_3_13_4"
+CVE_AIOHTTP_FIX_3_13_4[status] = "fixed-version: fixed in 3.13.4"
+CVE_AIOHTTP_FIX_3_13_4 = "CVE-2026-22815 CVE-2026-34513 CVE-2026-34514 \
+CVE-2026-34515 CVE-2026-34516 CVE-2026-34517 CVE-2026-34518 CVE-2026-34519 \
+CVE-2026-34520 CVE-2026-34525"
 
 inherit python_setuptools_build_meta pypi