Commit message | Author | Age | Files | Lines
* python3-ldap: upgrade 3.4.4 -> 3.4.5 | Gyorgy Sarvari | 2026-01-05 | 1 | -4/+4
  Contains fixes for CVE-2025-61911 and CVE-2025-61912

  Changelog:

  Security fixes:
  - CVE-2025-61911 (GHSA-r7r6-cc7p-4v5m): Enforce str input in
    ldap.filter.escape_filter_chars with escape_mode=1; ensure proper escaping.
  - CVE-2025-61912 (GHSA-p34h-wq7j-h5v6): Correct NUL escaping in
    ldap.dn.escape_dn_chars to \00 per RFC 4514.

  Fixes:
  - ReconnectLDAPObject now properly reconnects on UNAVAILABLE, CONNECT_ERROR
    and TIMEOUT exceptions (previously only SERVER_DOWN), fixing reconnection
    issues especially during server restarts
  - Fixed syncrepl.py to use named constants instead of raw decimal values
    for result types
  - Fixed error handling in SearchNoOpMixIn to prevent an undefined variable error

  Tests:
  - Added comprehensive reconnection test cases including concurrent operation
    handling and server restart scenarios

  Doc:
  - Updated installation docs and fixed various documentation typos
  - Added ReadTheDocs configuration file

  Infrastructure:
  - Add testing and document support for Python 3.13

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-cors: upgrade 4.0.0 -> 5.0.0 | Gyorgy Sarvari | 2026-01-05 | 2 | -117/+2
  Contains fix for CVE-2024-6221 and CVE-2024-1681

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-configobj: ignore CVE-2023-26112 | Gyorgy Sarvari | 2026-01-05 | 1 | -0/+2
  Details: https://nvd.nist.gov/vuln/detail/CVE-2023-26112

  The fix[1] is already included in the recipe version (5.0.9), the CVE can
  be marked as patched.

  [1]: https://github.com/DiffSK/configobj/commit/7c618b0bbaff6ecaca51a6f05b29795d1377a4a5

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-cbor2: upgrade 5.7.1 -> 5.8.0 | Gyorgy Sarvari | 2026-01-05 | 1 | -1/+1
  Contains fix for CVE-2025-68131

  Changelog:
  - Added readahead buffering to C decoder for improved performance. The
    decoder now uses a 4 KB buffer by default to reduce the number of read
    calls. Benchmarks show 20-140% performance improvements for decoding
    operations.
  - Fixed Python decoder not preserving share index when decoding array items
    containing nested shareable tags, causing shared references to resolve to
    wrong objects
  - Reset shared reference state at the start of each top-level encode/decode
    operation

  Ptests passed:
  ...
  PASS: tests/test_tool.py:test_dtypes_from_file
  PASS: tests/test_tool.py:test_ignore_tag
  PASS: tests/test_types.py:test_frozendict
  ============================================================================
  Testsuite summary
  DURATION: 4

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* imagemagick: upgrade 7.1.2-11 -> 7.1.2-12 | Gyorgy Sarvari | 2026-01-05 | 1 | -2/+1
  Contains fix for CVE-2025-69204

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-autobahn: Upgrade 25.11.1 -> 25.12.2 | Leon Anavi | 2026-01-05 | 1 | -3/+3
  Upgrade to release 25.12.2:

  Build & CI/CD:
  - Synchronize CI/CD, FlatBuffers vendoring, and wamp-ai/wamp-cicd submodules
    between autobahn-python and zlmdb
  - Switch manylinux container from 2_34 to 2_28 for x86_64 ISA compatibility
    (fixes auditwheel flatc bundling)
  - Increase ARM64 build timeout to 60 minutes for QEMU emulation
  - Add .github/workflows/README.md documenting CI/CD architecture
  - Consolidate download-github-release and download-release-artifacts recipes
  - Add checksum verification to artifact download workflow

  FlatBuffers:
  - Simplify vendored FlatBuffers - use upstream as-is
  - Track vendored FlatBuffers in git (like zlmdb approach)
  - Add version() function to vendored FlatBuffers runtime
  - Add check_zlmdb_flatbuffers_version_in_sync() for cross-project
    compatibility
  - Generate .bfbs files for WAMP schemas during wheel build

  Other:
  - Rename install-flatc to install-flatc-system with prominent warning
  - Remove legacy readthedocs.yml to activate .readthedocs.yaml
  - Remove dev-latest optional dependency (PyPI rejects direct URLs)

  License-Update: Standardize LICENSE with SPDX header

  Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-filelock: Upgrade 3.20.1 -> 3.20.2 | Leon Anavi | 2026-01-05 | 1 | -1/+1
  Upgrade to release 3.20.2:
  - Support Unix systems without O_NOFOLLOW
  - [pre-commit.ci] pre-commit autoupdate

  Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-send2trash: Upgrade 1.8.3 -> 2.0.0 | Leon Anavi | 2026-01-05 | 1 | -3/+3
  Upgrade to release 2.0.0:
  - Drop support for Python 2
  - Fix test_trash_topdir failing on macOS
  - Update source installation instructions
  - Update gio implementation, don't use deprecated GObject.GError

  License-Update: The license remains the same

  Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-wrapt: Upgrade to 2.0.1 | Khem Raj | 2026-01-05 | 1 | -7/+3
  Switch to Pypi fetcher
  Switch to PEP-517 build backend

  Fixes
  WARNING: python3-wrapt-2.0.1-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend]

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: set CVE_PRODUCT | Gyorgy Sarvari | 2026-01-04 | 1 | -0/+2
  nginx has a long history, and has used multiple CPEs over time.
  Set CVE_PRODUCT to reflect current and historic vendor:product pairs.

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* nginx: upgrade 1.28.0 -> 1.28.1 | Jason Schonberg | 2026-01-04 | 3 | -138/+5
  Drop CVE patch which has been integrated into this new version.

  Solves:
  * CVE-2025-53859

  CHANGES: https://nginx.org/en/CHANGES-1.28

  Signed-off-by: Jason Schonberg <schonm@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-cmd2: upgrade 3.0.0 -> 3.1.0 | Liu Yiding | 2026-01-03 | 1 | -1/+1
  Changelog: https://github.com/python-cmd2/cmd2/releases/tag/3.1.0

  Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-py7zr: upgrade 1.0.0 -> 1.1.0 | Liu Yiding | 2026-01-03 | 1 | -1/+2
  Changelog: https://py7zr.readthedocs.io/en/latest/Changelog.html

  Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* vsomeip: Don't fail on Boost.Asio deprecation warnings | Khem Raj | 2026-01-03 | 1 | -0/+2
  Append -Wno-error=deprecated-declarations to CXXFLAGS so builds don't break
  when Boost marks APIs like strand::wrap() as deprecated.

  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pytest-aiohttp: add missing DEPENDS | Tom Geelen | 2026-01-02 | 1 | -3/+6
  Signed-off-by: Tom Geelen <t.f.g.geelen@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* libwebsockets: use native sysroot's ssl config | Trevor Woerner | 2026-01-02 | 1 | -0/+4
  During the compile step, CMake will attempt to generate a test certificate
  with openssl-native using a hard-coded path to the openssl config:

    openssl req -config /etc/ssl/openssl.cnf ...

  Thus using the build host's openssl config. If the build host's openssl is
  configured with options that openssl-native does not understand or accept,
  the test certificate will not be generated:

    [log.do_configure on openSUSE 16.0]
    Searching for OpenSSL executable and dlls
    OpenSSL executable: .../build/tmp/work/cortexa53-crypto-oe-linux/libwebsockets/4.5.2/recipe-sysroot-native/usr/bin/openssl
    GENCERTS = 1
    Generating SSL Certificates for the test-server...
    Error configuring OpenSSL modules
    4037413D467F0000:error:030000A9:digital envelope routines:alg_module_init:unknown option:../sources/openssl-3.5.4/crypto/evp/evp_cnf.c:61:name=rh-allow-sha1-signatures, value=yes
    4037413D467F0000:error:0700006D:configuration file routines:module_run:module initialization error:../sources/openssl-3.5.4/crypto/conf/conf_mod.c:288:module=alg_section, value=evp_properties retcode=-1
    CMake Warning at lib/tls/CMakeLists.txt:528 (message):
      !!! Failed to generate SSL certificate for Test Server!!!:
      OpenSSL return code = 1

  and the subsequent do_install() step will fail:

    | CMake Error at test-apps/cmake_install.cmake:126 (file):
    |   file INSTALL cannot find
    |   ".../build/tmp/work/cortexa53-crypto-oe-linux/libwebsockets/4.5.2/build/libwebsockets-test-server.key.pem":
    |   No such file or directory.
    ERROR: Task (.../layers/meta-openembedded/meta-oe/recipes-connectivity/libwebsockets/libwebsockets_4.5.2.bb:do_install) failed with exit code '1'

  Fix the location where CMake looks for the openssl.cnf file in order to use
  the one that comes with the openssl-native that will be used to generate
  the certificate. Thus ensuring that they are in step in terms of which
  configuration options will be acceptable.

  Signed-off-by: Trevor Woerner <twoerner@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* recipes-core/toybox: Switch SRC_URI to HTTPS for reliable fetch | Sanjay Chitroda | 2026-01-02 | 1 | -1/+1
  The upstream site (landley.net) serves inconsistent content when using HTTP,
  causing checksum mismatches during do_fetch. Using HTTPS ensures stable
  downloads and resolves checksum failures.

  Signed-off-by: Sanjay Chitroda <sanjayembeddedse@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-propcache: Update Cython to version 3.2.3 | Khem Raj | 2026-01-02 | 2 | -0/+34
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-bumble: Add recipe | Khem Raj | 2025-12-31 | 1 | -0/+38
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pyee: Add recipe | Khem Raj | 2025-12-31 | 1 | -0/+12
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-scapy: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  The default ${PN} (python3-scapy) CVE fails to match relevant CVEs,
  because they are tracked under the scapy:scapy CPE.

  Set CVE_PRODUCT to the correct value.

  See CVE db query:
  sqlite> select * from products where product like '%scapy%';
  CVE-2019-1010142|scapy|scapy|2.4.0|=||

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pymongo: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  The default python:pymongo CPE fails to match related CVE entries,
  because they are tracked using mongodb:pymongo CPE.

  Set CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like '%pymongo%';
  CVE-2024-5629|mongodb|pymongo|||4.6.3|<|0

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-orjson: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  The default python:orjson CPE fails to match related CVEs, because NVD
  tracks them using ijl:orjson CPE.

  Set CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like '%orjson%';
  CVE-2024-27454|ijl|orjson|||3.9.15|<

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-python-multipart: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+1
  The default python:python_multipart CPE doesn't match relevant CVE entries,
  because NVD tracks the related CVEs with fastapiexpert:python-multipart CPE,
  and Mitre uses kludex:python-multipart for others.

  Set the CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like '%python%multipart%';
  CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|<
  CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|<

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-ecdsa: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  Set the correct CVE_PRODUCT value, the default python:ecdsa doesn't match
  relevant entries.

  The correct values were taken from the CVE db, by checking which CVEs are
  relevant.

  See CVE db query:
  sqlite> select * from products where product like '%ecdsa%';
  CVE-2019-14853|python-ecdsa_project|python-ecdsa|||0.13.3|<
  CVE-2019-14859|python-ecdsa_project|python-ecdsa|||0.13.3|<
  CVE-2020-12607|antonkueltz|fastecdsa|||2.1.2|<
  CVE-2021-43568|starkbank|elixir_ecdsa|1.0.0|=||
  CVE-2021-43569|starkbank|ecdsa-dotnet|1.3.2|=||
  CVE-2021-43570|starkbank|ecdsa-java|1.0.0|=||
  CVE-2021-43571|starkbank|ecdsa-node|1.1.2|=||
  CVE-2021-43572|starkbank|ecdsa-python|||2.0.1|<
  CVE-2022-24884|ecdsautils_project|ecdsautils|||0.4.1|<
  CVE-2024-21502|antonkueltz|fastecdsa|||2.3.2|<
  CVE-2024-23342|tlsfuzzer|ecdsa|||0.18.0|<=

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-gevent: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  Relevant CVEs are tracked with gevent:gevent CPE, and the default
  python:gevent CPE doesn't match relevant entries.

  Set CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like '%gevent%';
  CVE-2023-41419|gevent|gevent|||23.9.0|<

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-dnspython: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  The related CVEs are tracked using dnspython:dnspython CPE, and the default
  python:dnspython CPE doesn't match relevant entries.

  Set CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like '%dnspython%';
  CVE-2023-29483|dnspython|dnspython|||2.6.0|<

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-starlette: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+1
  The relevant CVE entries are tracked with encode:starlette CPE, and the
  default python:starlette CPE doesn't match relevant entries.

  Set CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like '%starlette%';
  CVE-2023-29159|encode|starlette|0.13.5|>=|0.27.0|<
  CVE-2023-30798|encode|starlette|||0.25.0|<

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-markdown-it-py: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+1
  The related CVE entries are tracked with executablebooks:markdown-it-py CPE
  value, and the default python:markdown-it-py CPE doesn't match relevant
  entries.

  Set CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like '%markdown-it-py%';
  CVE-2023-26302|executablebooks|markdown-it-py|||2.2.0|<
  CVE-2023-26303|executablebooks|markdown-it-py|||2.2.0|<

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-configobj: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  The related CVEs are tracked with configobj_project:configobj CPE in the
  database, and the default python:configobj CPE doesn't match relevant
  entries.

  Set CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like '%configobj%';
  CVE-2023-26112|configobj_project|configobj|-|||

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-py7zr: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  The related CVEs are tracked with py7zr_project:py7zr CPE in the database,
  and the default python:py7zr CPE doesn't match relevant entries.

  Set CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like '%py7zr%';
  CVE-2022-44900|py7zr_project|py7zr|||0.20.1|<

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-oauthlib: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  The relevant CVEs are tracked using oauthlib_project:oauthlib CPE, and the
  default python:oauthlib CPE doesn't match relevant entries.

  Set the CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like 'oauthlib';
  CVE-2022-36087|oauthlib_project|oauthlib|3.1.1|>=|3.2.1|<

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-priority: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  Set CVE_PRODUCT to the value that is used to track CVEs for this recipe in
  the CVE db.

  See CVE db query (priority-software vendor is not relevant):
  sqlite> select * from products where product like '%priority%';
  CVE-2016-6580|python|python_priority_library|1.0.0|=||
  CVE-2016-6580|python|python_priority_library|1.1.0|=||
  CVE-2016-6580|python|python_priority_library|1.1.1|=||
  CVE-2021-26832|priority-software|priority_enterprise_management_system|8.00|=||
  CVE-2022-23172|priority-software|priority|||22.0|<
  CVE-2022-23173|priority-software|priority|||22.0|<
  CVE-2023-23459|priority-software|priority|||22.1|<
  CVE-2023-23460|priority-software|priority|19.1.0.68|=||
  CVE-2024-41697|priority-software|priority|||24.0|<
  CVE-2024-41698|priority-software|priority|||24.0|<
  CVE-2024-41699|priority-software|priority|||24.0|<

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-joblib: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  The relevant CVEs are tracked with joblib_project:joblib CPE, and the
  default python:joblib CPE doesn't match this.

  Set the CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like '%joblib%';
  CVE-2022-21797|joblib_project|joblib|||1.1.1|<
  CVE-2024-34997|joblib_project|joblib|1.4.2|=||

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-eth-account: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+1
  The relevant CVEs are tracked with ethereum:eth-account CPE, and the default
  python:eth-account one doesn't match relevant entries.

  Set CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like '%eth-account%';
  CVE-2022-1930|ethereum|eth-account|||0.5.9|<

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-binwalk: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+1
  Set correct CVE_PRODUCT to use instead of the default ${PN}, which doesn't
  match relevant CVEs.

  See CVE db query:
  sqlite> select * from products where product like '%binwalk%';
  CVE-2021-4287|microsoft|binwalk|||2.3.3|<|0
  CVE-2022-4510|microsoft|binwalk|2.2.0|>=|2.3.3|<|0

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-httpx: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  The relevant CVEs are tracked in the CVE db with encode:httpx CPE instead
  of the default python:httpx. Set CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like '%httpx%';
  CVE-2021-41945|encode|httpx|||0.23.0|<

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-cvxopt: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+1
  Set correct CVE_PRODUCT to be used instead of ${PN}.

  See CVE db query:
  sqlite> select * from products where product like '%cvxopt%';
  CVE-2021-41500|cvxopt_project|cvxopt|||1.2.6|<=

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-sqlparse: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  The relevant CVEs are tracked with sqlparse_project:sqlparse CPE, and the
  default python:sqlparse CPE doesn't match relevant CVEs.

  Set CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like '%sqlparse%';
  CVE-2021-32839|sqlparse_project|sqlparse|0.4.0|>=|0.4.2|<
  CVE-2023-30608|sqlparse_project|sqlparse|0.1.15|>=|0.4.4|<

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-restx: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  The relevant CVEs are tracked using flask-restx_project:flask-restx CPE,
  which makes the default python:flask-restx CPE not match relevant CVEs.

  Set CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like '%flask-restx%';
  CVE-2021-32838|flask-restx_project|flask-restx|||0.5.1|<

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-fastapi: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  Set correct CVE_PRODUCT - the default (python:fastapi) is not the one that
  is used to track CVEs.

  See CVE db query (n8n vendor is not relevant):
  sqlite> select * from products where product like 'fastapi';
  CVE-2021-32677|tiangolo|fastapi|||0.65.2|<|0
  CVE-2025-55526|n8n|fastapi|0.115.14|=|||0

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-lief: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  The correct CVE_PRODUCT is "lief" for this recipe instead of the default
  ${PN}, that doesn't match relevant CVEs.

  See CVE db query:
  sqlite> select * from products where product like 'lief';
  CVE-2021-32297|lief-project|lief|||0.11.4|<=
  CVE-2022-38306|lief-project|lief|||0.12.1|<
  CVE-2022-38307|lief-project|lief|||0.12.1|<
  CVE-2022-38495|lief-project|lief|||0.12.1|<=
  CVE-2022-38496|lief-project|lief|||0.12.1|<=
  CVE-2022-38497|lief-project|lief|||0.12.1|<=
  CVE-2022-40922|lief-project|lief|0.12.1|=||
  CVE-2022-40923|lief-project|lief|0.12.1|=||
  CVE-2022-43171|lief-project|lief|0.12.1|=||
  CVE-2024-31636|lief-project|lief|0.14.1|=||

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pydantic: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  Set correct CVE_PRODUCT - the default ${PN} value doesn't match relevant
  CVEs.

  See CVE query (n8n vendor is not relevant):
  sqlite> select * from products where product like '%pydantic%';
  CVE-2021-29510|pydantic|pydantic|||1.6.2|<
  CVE-2021-29510|pydantic|pydantic|1.7|>=|1.7.4|<
  CVE-2021-29510|pydantic|pydantic|1.8|>=|1.8.2|<
  CVE-2024-3772|pydantic|pydantic|||1.10.13|<
  CVE-2024-3772|pydantic|pydantic|2.0|>=|2.4.0|<
  CVE-2025-55526|n8n|pydantic|2.11.7|=||

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pikepdf: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  The relevant CVEs are tracked with pikepdf_project:pikepdf CPE, and the
  default python:pikepdf doesn't match CVEs.

  Set CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like 'pikepdf';
  CVE-2021-29421|pikepdf_project|pikepdf|1.3.0|>=|2.9.2|<=

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-mpmath: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  The CVE database tracks relevant CVEs with mpmath:mpmath CPE.
  Set the CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like 'mpmath';
  CVE-2021-29063|mpmath|mpmath|1.0.0|>=|1.2.1|<=

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-user: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  The relevant CVE is tracked using flask-user_project:flask-user CPE, so the
  default python:flask-user value doesn't match it.

  Set CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like 'flask-user';
  CVE-2021-23401|flask-user_project|flask-user|-|||

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-eventlet: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  The relevant CVEs are tracked using eventlet:eventlet CPE, and the default
  python:eventlet CPE doesn't match relevant CVEs.

  Set the correct CVE_PRODUCT.

  See CVE db query:
  sqlite> select * from products where product like 'eventlet';
  CVE-2021-21419|eventlet|eventlet|0.10|>=|0.31.0|<
  CVE-2023-29483|eventlet|eventlet|||0.35.2|<
  CVE-2025-58068|eventlet|eventlet|||0.40.3|<

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-aiohttp: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  The related CVEs are tracked using aiohttp:aiohttp CPE, so the default
  python:aiohttp CPE doesn't match relevant CVEs.

  Set the CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like 'aiohttp';
  CVE-2021-21330|aiohttp|aiohttp|||3.7.4|<
  CVE-2022-33124|aiohttp|aiohttp|3.8.1|=||
  CVE-2023-37276|aiohttp|aiohttp|||3.8.4|<=
  CVE-2023-47627|aiohttp|aiohttp|||3.8.6|<
  CVE-2023-47641|aiohttp|aiohttp|||3.8.0|<
  CVE-2023-49081|aiohttp|aiohttp|||3.9.0|<
  CVE-2023-49082|aiohttp|aiohttp|||3.9.0|<
  CVE-2024-23334|aiohttp|aiohttp|1.0.5|>=|3.9.2|<
  CVE-2024-23829|aiohttp|aiohttp|||3.9.2|<
  CVE-2024-27306|aiohttp|aiohttp|||3.9.4|<
  CVE-2024-30251|aiohttp|aiohttp|||3.9.4|<
  CVE-2024-42367|aiohttp|aiohttp|3.10.0|>=|3.10.2|<
  CVE-2024-52303|aiohttp|aiohttp|3.10.6|>=|3.10.11|<
  CVE-2024-52304|aiohttp|aiohttp|||3.10.11|<
  CVE-2025-53643|aiohttp|aiohttp|||3.12.14|<

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-brotli: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
  There is one brotli repository for all language bindings, and the same CPE
  is used for all: google:brotli (instead of the expected default of
  python:brotli, in case of the Python package).

  Set the CVE_PRODUCT accordingly.

  See CVE db query:
  sqlite> select * from products where product like 'brotli';
  CVE-2020-8927|google|brotli|||1.0.8|<

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-uvicorn: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+1
  The default python:uvicorn CPE is not correct, the CVEs are tracked under
  encode:uvicorn.

  See CVE db query (n8n vendor is not relevant):
  sqlite> select * from products where product like 'uvicorn';
  CVE-2020-7694|encode|uvicorn|-|||
  CVE-2020-7695|encode|uvicorn|||0.11.7|<
  CVE-2025-55526|n8n|uvicorn|0.35.0|=||

  Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
  Signed-off-by: Khem Raj <raj.khem@gmail.com>