Commit message | Author | Age | Files | Lines
* python3-svglib: set CVE_PRODUCT [master-next] | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    There is only one relevant CVE in the database, but it is tracked using svglib_project:svglib CPE, not the expected python:svglib CPE, making the cve-checker miss it.
    See CVE db query:
        sqlite> select * from products where product like '%svglib%';
        CVE-2020-10799|svglib_project|svglib|||0.9.3|<=
    Set the CVE_PRODUCT accordingly.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-webargs: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+1
    The relevant CVEs for this recipe are tracked using webargs_project:webargs CPE, which makes the default python:webargs CPE miss CVEs.
    See CVE db query:
        sqlite> select * from products where product like '%webargs%';
        CVE-2019-9710|webargs_project|webargs|||5.1.3|<
        CVE-2020-7965|webargs_project|webargs|5.0.0|>=|5.5.2|<=
    Set the CVE_PRODUCT accordingly.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-validators: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    The CVEs related to this project are tracked using the validators_project:validators CPE, which doesn't match the default python:validators CPE.
    See CVE db query:
        sqlite> select * from products where product like 'validators';
        CVE-2019-19588|validators_project|validators|0.12.2|>=|0.12.5|<=
        CVE-2023-45813|validators_project|validators|0.11.0|=||
        CVE-2023-45813|validators_project|validators|0.20.0|=||
    Set the CVE_PRODUCT so it matches relevant entries.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-reportlab: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+1
    The relevant CVEs to this recipe are tracked using reportlab:reportlab CPE, which doesn't match the default python:reportlab CPE, so the cve-checker misses CVEs.
    See CVE db query:
        sqlite> select * from products where product like '%reportlab%';
        CVE-2019-17626|reportlab|reportlab|||3.5.26|<=|0
        CVE-2019-19450|reportlab|reportlab|||3.5.31|<|0
        CVE-2020-28463|reportlab|reportlab|-||||0
        CVE-2023-33733|reportlab|reportlab|||3.6.12|<=|0
    Set CVE_PRODUCT accordingly.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-waitress: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    The CVEs for this recipe are tracked using the agendaless:waitress CPE, which doesn't match the default python:waitress CPE, making the cve-checker miss relevant CVEs.
    See CVE db query:
        sqlite> select * from products where PRODUCT like 'waitress';
        CVE-2019-16785|agendaless|waitress|||1.3.1|<=
        CVE-2019-16786|agendaless|waitress|||1.3.1|<
        CVE-2019-16789|agendaless|waitress|||1.4.0|<=
        CVE-2019-16792|agendaless|waitress|||1.3.1|<=
        CVE-2020-5236|agendaless|waitress|1.4.2|=||
        CVE-2022-24761|agendaless|waitress|||2.1.1|<
        CVE-2022-31015|agendaless|waitress|2.1.0|>=|2.1.2|<
        CVE-2024-49768|agendaless|waitress|2.0.0|>=|3.0.1|<
        CVE-2024-49769|agendaless|waitress|||3.0.1|<
    Set CVE_PRODUCT accordingly.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-nltk: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    The CVEs for this project are tracked under nltk:nltk CPE, which doesn't match the default python:nltk CPE.
    See CVE db query:
        sqlite> select * from products where PRODUCT like 'nltk';
        CVE-2019-14751|nltk|nltk|||3.4.5|<
        CVE-2021-3828|nltk|nltk|||3.6.3|<=
        CVE-2021-3842|nltk|nltk|||3.6.6|<
        CVE-2021-43854|nltk|nltk|||3.6.5|<
    Set the CVE_PRODUCT so it can be used to match CVEs.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-parso: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    There is one related CVE tracked by nist, using the parso_project:parso CPE, which doesn't match the default python:parso CPE.
    See CVE db query:
        sqlite> select * from products where PRODUCT like 'parso';
        CVE-2019-12760|parso_project|parso|||0.4.0|<=
    Set the CVE_PRODUCT accordingly.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-marshmallow: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    The default python:marshmallow CPE doesn't match the CVEs related to this product, as they are tracked with marshmallow_project:marshmallow CPE.
    See CVE db query:
        sqlite> select * from products where PRODUCT like 'marshmallow';
        CVE-2018-17175|marshmallow_project|marshmallow|||2.15.1|<
        CVE-2018-17175|marshmallow_project|marshmallow|3.0|>=|3.0.0b9|<
    Set the CVE_PRODUCT so it matches related CVEs.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    The default python:flask CPE doesn't match relevant CVE entries which are tracked under palletsprojects:flask CPE.
    See CVE db query:
        sqlite> select * from products where PRODUCT like 'flask';
        CVE-2018-1000656|palletsprojects|flask|||0.12.3|<
        CVE-2019-1010083|palletsprojects|flask|||1.0|<
        CVE-2023-30861|palletsprojects|flask|||2.2.5|<
        CVE-2023-30861|palletsprojects|flask|2.3.0|>=|2.3.2|<
    Set the CVE_PRODUCT to "flask" so it matches relevant entries.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python-gunicorn: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    There is only one relevant CVE associated with this recipe in the CVE db, but it is tracked using gunicorn:gunicorn CPE instead of python:gunicorn (which is the default CPE from pypi.bbclass).
    See CVE db query:
        sqlite> select * from products where PRODUCT like '%gunicorn%';
        CVE-2018-1000164|gunicorn|gunicorn|19.4.5|=||
    Set CVE_PRODUCT so that it matches relevant CVEs.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-supervisor: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+1
    This recipe's CVEs are tracked using supervisord:supervisor CPE by nist, so the default python:supervisor CPE doesn't match relevant CVEs.
    See CVE db query (home-assistant vendor is not relevant):
        sqlite> select * from products where PRODUCT like 'supervisor';
        CVE-2017-11610|supervisord|supervisor|||3.0|<=
        CVE-2017-11610|supervisord|supervisor|3.1.0|=||
        CVE-2017-11610|supervisord|supervisor|3.1.1|=||
        CVE-2017-11610|supervisord|supervisor|3.1.2|=||
        CVE-2017-11610|supervisord|supervisor|3.1.3|=||
        CVE-2017-11610|supervisord|supervisor|3.2.0|=||
        CVE-2017-11610|supervisord|supervisor|3.2.1|=||
        CVE-2017-11610|supervisord|supervisor|3.2.2|=||
        CVE-2017-11610|supervisord|supervisor|3.2.3|=||
        CVE-2017-11610|supervisord|supervisor|3.3.0|=||
        CVE-2017-11610|supervisord|supervisor|3.3.1|=||
        CVE-2017-11610|supervisord|supervisor|3.3.2|=||
        CVE-2019-12105|supervisord|supervisor|||4.0.2|<=
        CVE-2023-27482|home-assistant|supervisor|||2023.03.1|<
    Set the CVE_PRODUCT explicitly to match relevant CVEs.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pyjwt: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+1
    The relevant CVEs are tracked using pyjwt_project:pyjwt CPE, so the default python:pyjwt CPE doesn't match them.
    See CVE db query:
        sqlite> select * from products where PRODUCT like '%pyjwt%';
        CVE-2017-11424|pyjwt_project|pyjwt|||1.5.0|<=
        CVE-2022-29217|pyjwt_project|pyjwt|1.5.0|>=|2.4.0|<
        CVE-2024-53861|pyjwt_project|pyjwt|2.10.0|=||
        CVE-2025-45768|pyjwt_project|pyjwt|2.10.1|=||
    Set the CVE_PRODUCT so it matches relevant CVEs.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-html5lib: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    There are currently 2 related CVEs in the NIST db, both of them are tracked with html5lib:html5lib CPE, so the default python:html5lib CPE doesn't match.
    See CVE db query:
        sqlite> select * from products where PRODUCT like '%html5lib%';
        CVE-2016-9909|html5lib|html5lib|||0.99999999|<=
        CVE-2016-9910|html5lib|html5lib|||0.99999999|<=
    Set the CVE_PRODUCT accordingly.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-werkzeug: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    The relevant CVEs are tracked using palletsprojects:werkzeug CPE, which makes the default python:werkzeug CPE not match anything.
    See CVE db query:
        sqlite> select * from products where PRODUCT like 'werkzeug';
        CVE-2016-10516|palletsprojects|werkzeug|||0.11.11|<
        CVE-2019-14322|palletsprojects|werkzeug|||0.15.5|<
        CVE-2019-14806|palletsprojects|werkzeug|||0.15.3|<
        CVE-2020-28724|palletsprojects|werkzeug|||0.11.6|<
        CVE-2022-29361|palletsprojects|werkzeug|||2.1.0|<=
        CVE-2023-23934|palletsprojects|werkzeug|||2.2.3|<
        CVE-2023-25577|palletsprojects|werkzeug|||2.2.3|<
        CVE-2023-46136|palletsprojects|werkzeug|||2.3.8|<
        CVE-2023-46136|palletsprojects|werkzeug|3.0.0|=||
        CVE-2024-34069|palletsprojects|werkzeug|||3.0.3|<
        CVE-2024-49766|palletsprojects|werkzeug|||3.0.6|<
        CVE-2024-49767|palletsprojects|werkzeug|||3.0.6|<
        CVE-2025-66221|palletsprojects|werkzeug|||3.1.4|<
    Set the CVE_PRODUCT so it matches the relevant entries.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-tqdm: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    The only related CVE to this recipe is tracked using tqdm_project:tqdm CPE, so the default python:tqdm CPE doesn't match it.
    See relevant CVE db query:
        sqlite> select * from products where PRODUCT like 'tqdm';
        CVE-2016-10075|tqdm_project|tqdm|4.4.1|=||
        CVE-2016-10075|tqdm_project|tqdm|4.10|=||
    Set the CVE_PRODUCT so it can match related CVEs.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-ipython: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    ipython CVEs are tracked using ipython:ipython CPE, so the default python:ipython CVE_PRODUCT doesn't match relevant CPEs.
    See CVE db query:
        sqlite> select * from products where PRODUCT like 'ipython';
        CVE-2015-4706|ipython|ipython|3.0.0|=||
        CVE-2015-4706|ipython|ipython|3.1.0|=||
        CVE-2015-4707|ipython|ipython|||3.2.0|<
        CVE-2015-5607|ipython|ipython|2.0.0|=||
        CVE-2015-5607|ipython|ipython|2.1.0|=||
        CVE-2015-5607|ipython|ipython|2.2.0|=||
        CVE-2015-5607|ipython|ipython|2.3.0|=||
        CVE-2015-5607|ipython|ipython|2.3.1|=||
        CVE-2015-5607|ipython|ipython|2.4.0|=||
        CVE-2015-5607|ipython|ipython|2.4.1|=||
        CVE-2015-5607|ipython|ipython|3.0.0|=||
        CVE-2015-5607|ipython|ipython|3.1.0|=||
        CVE-2015-5607|ipython|ipython|3.2.0|=||
        CVE-2015-5607|ipython|ipython|3.2.1|=||
        CVE-2015-5607|ipython|ipython|3.2.2|=||
        CVE-2015-5607|ipython|ipython|3.2.3|=||
        CVE-2022-21699|ipython|ipython|||5.10.0|<=
        CVE-2022-21699|ipython|ipython|6.0.0|>=|7.16.3|<
        CVE-2022-21699|ipython|ipython|7.17.0|>=|7.31.1|<
        CVE-2022-21699|ipython|ipython|8.0.0|>=|8.0.1|<
        CVE-2023-24816|ipython|ipython|||8.10.0|<
    Set the CVE_PRODUCT accordingly to match the relevant entries.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-m2crypto: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    NIST currently tracks CVEs under at least 2 different CPEs for this recipe, but neither of them is python:m2crypto (the default CVE_PRODUCT).
    See CVE db query:
        sqlite> select * from products where PRODUCT like '%m2crypto%';
        CVE-2009-0127|heikkitoivonen|m2crypto|-|||
        CVE-2020-25657|m2crypto_project|m2crypto|-|||
        CVE-2023-50781|m2crypto_project|m2crypto|-|||
    Set the CVE_PRODUCT to match the relevant CPEs.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-twisted: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    The related CVEs are tracked with twisted:twisted CPE, so the default python:twisted CPE doesn't match any entries.
    See CVE db query:
        sqlite> select * from products where PRODUCT = 'twisted';
        CVE-2014-7143|twisted|twisted|14.0.0|=||
        CVE-2016-1000111|twisted|twisted|||16.3.1|<
        CVE-2019-12387|twisted|twisted|||19.2.1|<
        CVE-2019-12855|twisted|twisted|||19.2.1|<=
        CVE-2020-10108|twisted|twisted|||19.10.0|<=
        CVE-2020-10109|twisted|twisted|||19.10.0|<=
        CVE-2022-21712|twisted|twisted|11.1.0|>=|22.1.0|<
        CVE-2022-21716|twisted|twisted|21.7.0|>=|22.2.0|<
        CVE-2022-24801|twisted|twisted|||22.4.0|<
        CVE-2022-39348|twisted|twisted|0.9.4|>=|22.10.0|<
        CVE-2023-46137|twisted|twisted|||22.8.0|<=
        CVE-2024-41810|twisted|twisted|||24.3.0|<=
    Set the CVE_PRODUCT accordingly.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-ldap: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    The relevant CVEs are tracked with python-ldap:python-ldap CPE, not python:python-ldap.
    See CVE db query:
        sqlite> select * from products where PRODUCT like '%python-ldap%';
        CVE-2021-46823|python-ldap|python-ldap|||3.4.0|<
        CVE-2025-61911|python-ldap|python-ldap|||3.4.5|<
        CVE-2025-61912|python-ldap|python-ldap|||3.4.5|<
    Set the CVE_PRODUCT accordingly.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-simplejson: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+1
    There is one relevant CVE tracked using the simplejson_project:simplejson CPE, and no entries tracked with python:simplejson.
    See CVE db query:
        sqlite> select * from products where PRODUCT like '%simplejson%';
        CVE-2014-4616|simplejson_project|simplejson|||2.6.1|<
    Set the CVE_PRODUCT accordingly.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pywbem: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    Relevant CVEs are tracked with pywbem_project:pywbem CPE instead of the (previously) expected python:pywbem.
    See CVE db query:
        sqlite> select * from products where PRODUCT = 'pywbem';
        CVE-2013-6418|pywbem_project|pywbem|||0.7|<=
        CVE-2013-6444|pywbem_project|pywbem|||0.7|<=
    Set the CVE_PRODUCT accordingly.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-virtualenv: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    There are relevant CVEs tracked under two different CPEs: python:virtualenv (the default in OE), and virtualenv:virtualenv (these were missed).
    See CVE db query:
        sqlite> select * from products where PRODUCT = 'virtualenv';
        CVE-2011-4617|python|virtualenv|||1.4.9|<=
        CVE-2011-4617|python|virtualenv|0.8|=||
        CVE-2011-4617|python|virtualenv|0.8.1|=||
        CVE-2011-4617|python|virtualenv|0.8.2|=||
        CVE-2011-4617|python|virtualenv|0.8.3|=||
        CVE-2011-4617|python|virtualenv|0.8.4|=||
        CVE-2011-4617|python|virtualenv|0.9|=||
        CVE-2011-4617|python|virtualenv|0.9.1|=||
        CVE-2011-4617|python|virtualenv|0.9.2|=||
        CVE-2011-4617|python|virtualenv|1.0|=||
        CVE-2011-4617|python|virtualenv|1.1|=||
        CVE-2011-4617|python|virtualenv|1.1.1|=||
        CVE-2011-4617|python|virtualenv|1.2|=||
        CVE-2011-4617|python|virtualenv|1.3|=||
        CVE-2011-4617|python|virtualenv|1.3.1|=||
        CVE-2011-4617|python|virtualenv|1.3.2|=||
        CVE-2011-4617|python|virtualenv|1.3.3|=||
        CVE-2011-4617|python|virtualenv|1.3.4|=||
        CVE-2011-4617|python|virtualenv|1.4|=||
        CVE-2011-4617|python|virtualenv|1.4.1|=||
        CVE-2011-4617|python|virtualenv|1.4.2|=||
        CVE-2011-4617|python|virtualenv|1.4.3|=||
        CVE-2011-4617|python|virtualenv|1.4.4|=||
        CVE-2011-4617|python|virtualenv|1.4.5|=||
        CVE-2011-4617|python|virtualenv|1.4.6|=||
        CVE-2011-4617|python|virtualenv|1.4.7|=||
        CVE-2011-4617|python|virtualenv|1.4.8|=||
        CVE-2013-5123|virtualenv|virtualenv|12.0.7|=||
        CVE-2024-53899|virtualenv|virtualenv|||20.26.6|<
    Set the CVE_PRODUCT so both are matched.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-httplib2: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    There are no CVEs tracked with python:httplib2 CPE, but there are multiple ones tracked under httplib2_project:httplib2 CPE (and they are related to this recipe).
    See CVE db query:
        sqlite> select * from products where PRODUCT = 'httplib2';
        CVE-2013-2037|httplib2_project|httplib2|||0.7.2|<=
        CVE-2013-2037|httplib2_project|httplib2|0.8|=||
        CVE-2020-11078|httplib2_project|httplib2|||0.18.0|<
        CVE-2021-21240|httplib2_project|httplib2|||0.19.0|<
    Set the CVE_PRODUCT accordingly.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-matplotlib: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    At least one CVE is tracked by debian:matplotlib CPE (and no CVEs are tracked by the default python:matplotlib CPE).
    See CVE db query:
        sqlite> select * from products where PRODUCT = 'matplotlib';
        CVE-2013-1424|debian|matplotlib|0.99.3-1|>=|1.4.2-3.1|<
    Set the CVE_PRODUCT accordingly.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pyrad: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    NIST tracks related CVEs with pyrad_project CPE vendor instead of "python". Set the CVE_PRODUCT to pyrad, so both can be matched.
    See CVE db query:
        sqlite> select * from products where PRODUCT = 'pyrad';
        CVE-2013-0294|pyrad_project|pyrad|||2.1|<
        CVE-2013-0342|pyrad_project|pyrad|||2.1|<
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-redis: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    Set the correct CVE_PRODUCT for the recipe.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-twitter: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    The product's CPE doesn't use "python" as the vendor, set the CVE_PRODUCT accordingly.
    See CVE db query:
        sqlite> select * from products where PRODUCT = 'tweepy';
        CVE-2012-5825|tweepy|tweepy|-|||
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-sqlalchemy: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    The default python:sqlalchemy CPE fails to match CVEs, because the CVEs are associated with sqlalchemy:sqlalchemy CPE.
    See CVE db query:
        sqlite> select * from products where PRODUCT = 'sqlalchemy';
        CVE-2012-0805|sqlalchemy|sqlalchemy|||0.7.0|<=
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta1|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta2|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta3|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.1|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.2|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.3|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.4|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.5|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.6|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.7|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.7.0_b1|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.7.0_b2|=||
        CVE-2019-7164|sqlalchemy|sqlalchemy|||1.2.17|<=
        CVE-2019-7164|sqlalchemy|sqlalchemy|1.3.0_beta1|=||
        CVE-2019-7164|sqlalchemy|sqlalchemy|1.3.0_beta2|=||
        CVE-2019-7548|sqlalchemy|sqlalchemy|1.2.17|=||
    Set the CVE_PRODUCT accordingly.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-paramiko: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    Set correct CVE_PRODUCT for paramiko. The default python:paramiko value doesn't match CVEs, because the product has its own set of CPEs associated with CVEs.
    See CVE db query:
        sqlite> select * from products where PRODUCT = 'paramiko';
        CVE-2008-0299|python_software_foundation|paramiko|1.7.1|=||
        CVE-2018-1000805|paramiko|paramiko|1.17.6|=||
        CVE-2018-1000805|paramiko|paramiko|1.18.5|=||
        CVE-2018-1000805|paramiko|paramiko|2.0.8|=||
        CVE-2018-1000805|paramiko|paramiko|2.1.5|=||
        CVE-2018-1000805|paramiko|paramiko|2.2.3|=||
        CVE-2018-1000805|paramiko|paramiko|2.3.2|=||
        CVE-2018-1000805|paramiko|paramiko|2.4.1|=||
        CVE-2018-7750|paramiko|paramiko|||1.17.6|<
        CVE-2018-7750|paramiko|paramiko|1.18.0|>=|1.18.5|<
        CVE-2018-7750|paramiko|paramiko|2.0.0|>=|2.0.8|<
        CVE-2018-7750|paramiko|paramiko|2.1.0|>=|2.1.5|<
        CVE-2018-7750|paramiko|paramiko|2.2.0|>=|2.2.3|<
        CVE-2018-7750|paramiko|paramiko|2.3.0|>=|2.3.2|<
        CVE-2018-7750|paramiko|paramiko|2.4.0|=||
        CVE-2022-24302|paramiko|paramiko|||2.10.1|<
        CVE-2023-48795|paramiko|paramiko|||3.4.0|<
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-tornado: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    The default "python:tornado" CVE_PRODUCT doesn't match relevant CVEs, because the project's CPE is "tornadoweb:tornado".
    See cve db query (docmosis is an irrelevant vendor):
        sqlite> select * from products where PRODUCT = 'tornado';
        CVE-2012-2374|tornadoweb|tornado|||2.2|<=
        CVE-2012-2374|tornadoweb|tornado|1.0|=||
        CVE-2012-2374|tornadoweb|tornado|1.0.1|=||
        CVE-2012-2374|tornadoweb|tornado|1.1|=||
        CVE-2012-2374|tornadoweb|tornado|1.1.1|=||
        CVE-2012-2374|tornadoweb|tornado|1.2|=||
        CVE-2012-2374|tornadoweb|tornado|1.2.1|=||
        CVE-2012-2374|tornadoweb|tornado|2.0|=||
        CVE-2012-2374|tornadoweb|tornado|2.1|=||
        CVE-2012-2374|tornadoweb|tornado|2.1.1|=||
        CVE-2014-9720|tornadoweb|tornado|||3.2.2|<
        CVE-2023-25264|docmosis|tornado|||2.9.5|<
        CVE-2023-25265|docmosis|tornado|||2.9.5|<
        CVE-2023-25266|docmosis|tornado|||2.9.5|<
        CVE-2023-28370|tornadoweb|tornado|||6.3.2|<
        CVE-2024-42733|docmosis|tornado|||2.9.7|<=
        CVE-2024-52804|tornadoweb|tornado|||6.4.2|<
        CVE-2025-47287|tornadoweb|tornado|||6.5.0|<
        CVE-2025-67724|tornadoweb|tornado|||6.5.3|<
        CVE-2025-67725|tornadoweb|tornado|||6.5.3|<
        CVE-2025-67726|tornadoweb|tornado|||6.5.3|<
    Set the CVE_PRODUCT accordingly.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-cbor2: set CVE_PRODUCT | Gyorgy Sarvari | 89 min. | 1 | -0/+2
    The default, "python:cbor2" CVE_PRODUCT is not appropriate for this recipe, because most associated CVEs use "agronholm:cbor2" CPE.
    Set the CVE_PRODUCT to cbor2, so it will match the currently used CPE, and in case there will be future python:cbor2 CPEs also, they will be matched too.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-backports-zstd: Upgrade to 1.3.0 | Khem Raj | 19 hours | 1 | -2/+5
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-fastapi-cli: upgrade 0.0.16 -> 0.0.20 | Liu Yiding | 19 hours | 1 | -1/+1
    Changelog: https://github.com/fastapi/fastapi-cli/releases/tag/0.0.20
    Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* networkmanager-openvpn: upgrade 1.12.3 -> 1.12.5 | Liu Yiding | 19 hours | 1 | -1/+3
    Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* networkmanager: upgrade 1.52.0 -> 1.52.2 | Liu Yiding | 19 hours | 1 | -2/+2
    Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tmux: add packageconfig for sixel support | Markus Volk | 30 hours | 1 | -0/+1
    Signed-off-by: Markus Volk <f_l_k@t-online.de>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* botan: Remove ptests execution on rv32 | Khem Raj | 32 hours | 1 | -1/+2
    It needs go compiler and runtime which is missing on rv32
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* initramfs-kexecboot-image: Allow supported architectures | Khem Raj | 32 hours | 1 | -1/+5
    Not all arches e.g. rv32 support kexec atm, reflect that here
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* gimp: patch CVE-2025-14425 | Gyorgy Sarvari | 33 hours | 2 | -0/+80
    Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14425
    Backport the patch referenced by the nvd report.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* gimp: patch CVE-2025-14424 | Gyorgy Sarvari | 33 hours | 2 | -0/+35
    Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14424
    Pick the patch referenced by the NVD report.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* gimp: patch CVE-2025-14423 | Gyorgy Sarvari | 33 hours | 2 | -0/+107
    Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14423
    Pick the patch referenced by the NVD report.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* gimp: patch CVE-2025-14422 | Gyorgy Sarvari | 33 hours | 2 | -5/+73
    Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14422
    Pick the patch referenced by the NVD report.
    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* tesseract: upgrade 5.5.1 -> 5.5.2 | Wang Mingyu | 33 hours | 1 | -2/+2
    Changelog:
    =============
    - Simplify code for osdetect
    - Fix and improve configuration for cmake builds
    - Modernize some for loops and fix some signed/unsigned issues
    - Cmake optimization with warp2
    - Update checkout action
    - chore: fix cyrillic typo
    - Move version info. to appropriate ALTO element
    - CI: Remove unneeded export statements from cmake workflow for macOS
    - Bump actions/checkout from 5 to 6
    - Bump github/codeql-action from 2 to 4
    - Bump actions/upload-artifact from 4 to 5
    - Bump mikepenz/action-junit-report from 4 to 6
    - Bump actions/upload-artifact from 5 to 6
    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-typer: upgrade 0.20.1 -> 0.21.0 | Wang Mingyu | 33 hours | 1 | -1/+1
    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pikepdf: upgrade 10.0.3 -> 10.1.0 | Wang Mingyu | 33 hours | 1 | -1/+1
    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-marshmallow: upgrade 4.1.1 -> 4.1.2 | Wang Mingyu | 33 hours | 1 | -1/+1
    Changelog: Merge error store messages without rebuilding collections.
    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-elementpath: upgrade 5.0.4 -> 5.1.0 | Wang Mingyu | 33 hours | 1 | -2/+2
    License-Update: Copyright year updated to 2025.
    Changelog:
    ===========
    - Drop Python 3.9 compatibility and add Python 3.15 support
    - Improve XPath sequence internal processing with a list derived type xlist
    - Extensions and fixes for XSD datatypes
    - Add XSequence datatype for external representation of XPath sequences
    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-coverage: upgrade 7.13.0 -> 7.13.1 | Wang Mingyu | 33 hours | 1 | -1/+1
    Changelog:
    ============
    - Added: the JSON report now includes a "start_line" key for function and class regions, indicating the first line of the region in the source.
    - Added: The debug data command now takes file names as arguments on the command line, so you can inspect specific data files without needing to set the COVERAGE_FILE environment variable.
    - Fix: the JSON report used to report module docstrings as executed lines, which no other report did, as described in issue 2105.
    - Fix: coverage.py uses a more disciplined approach to detecting where third-party code is installed, and avoids measuring it.
    - Performance: data files that will be combined now record their hash as part of the file name. This lets us skip duplicate data more quickly, speeding the combining step.
    - Docs: added a section explaining more about what is considered a missing branch and how it is reported: Examples of missing branches, as requested in issue 1597.
    - Tests: the test suite misunderstood what core was being tested if COVERAGE_CORE wasn't set on 3.14+.
    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-bleak: upgrade 2.0.0 -> 2.1.0 | Wang Mingyu | 33 hours | 1 | -1/+1
    Changelog:
    =============
    - Added bluez parameter to BleakClient.start_notify() to allow forcing using "StartNotify" instead of "AcquireNotify" on BlueZ backend.
    - Added bleak.args.SizedBuffer type for better type hinting of buffer protocol parameters.
    - Fixed calling logging.debug() in WinRT backend.
    - Fixed calling logging.warning() in BlueZ backend.
    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* gpsd: upgrade 3.27.1 -> 3.27.2 | Wang Mingyu | 33 hours | 1 | -1/+1
    Changelog: Fix a gpsd.rules warning.
    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>