summaryrefslogtreecommitdiffstats
path: root/meta-python/recipes-devtools/python
Commit message (Collapse)AuthorAgeFilesLines
* python3-propcache: Update Cython to version 3.2.3Khem Raj10 days2-0/+34
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-bumble: Add recipeKhem Raj13 days1-0/+38
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pyee: Add recipeKhem Raj13 days1-0/+12
| | | | Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pymongo: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | The default python:pymongo CPE fails to match related CVE entries, because they are tracked using mongodb:pymongo CPE. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%pymongo%'; CVE-2024-5629|mongodb|pymongo|||4.6.3|<|0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-orjson: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | The default python:orjson CPE fails to match related CVEs, because NVD tracks them using ijl:orjson CPE. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%orjson%'; CVE-2024-27454|ijl|orjson|||3.9.15|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-python-multipart: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+1
| | | | | | | | | | | | | | | | The default python:python_multipart CPE doesn't match relevant CVE entries, because NVD tracks the related CVEs with fastapiexpect:python-multipart CPE, and Mitre uses kludex:python-multipart for others. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%python%multipart%'; CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|< CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-ecdsa: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | Set the correct CVE_PRODUCT value, the default python: ecdsa doesn't match relevant entries. The correct values were taken from the CVE db, by checking which CVEs are relevant. See CVE db query: sqlite> select * from products where product like '%ecdsa%'; CVE-2019-14853|python-ecdsa_project|python-ecdsa|||0.13.3|< CVE-2019-14859|python-ecdsa_project|python-ecdsa|||0.13.3|< CVE-2020-12607|antonkueltz|fastecdsa|||2.1.2|< CVE-2021-43568|starkbank|elixir_ecdsa|1.0.0|=|| CVE-2021-43569|starkbank|ecdsa-dotnet|1.3.2|=|| CVE-2021-43570|starkbank|ecdsa-java|1.0.0|=|| CVE-2021-43571|starkbank|ecdsa-node|1.1.2|=|| CVE-2021-43572|starkbank|ecdsa-python|||2.0.1|< CVE-2022-24884|ecdsautils_project|ecdsautils|||0.4.1|< CVE-2024-21502|antonkueltz|fastecdsa|||2.3.2|< CVE-2024-23342|tlsfuzzer|ecdsa|||0.18.0|<= Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-gevent: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | Relevant CVEs are tracked with gevent:gevent CPE, and the default python:gevent CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%gevent%'; CVE-2023-41419|gevent|gevent|||23.9.0|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-dnspython: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | The related CVEs are tracked using dnspython:dnspython CPE, and the default python:dnspython CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%dnspython%'; CVE-2023-29483|dnspython|dnspython|||2.6.0|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-starlette: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+1
| | | | | | | | | | | | | | The relevant CVE entries are tracked with encode:starlette CPE, and the default python:starlette CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%starlette%'; CVE-2023-29159|encode|starlette|0.13.5|>=|0.27.0|< CVE-2023-30798|encode|starlette|||0.25.0|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-markdown-it-py: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+1
| | | | | | | | | | | | | | The related CVE entries are tracked with executablebooks:markdown-it-py CPE value, and the default python:markdown-it-py CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%markdown-it-py%'; CVE-2023-26302|executablebooks|markdown-it-py|||2.2.0|< CVE-2023-26303|executablebooks|markdown-it-py|||2.2.0|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-configobj: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | The related CVEs are tracked with configobj_peroject:configobj CPE in the database, and the default python:configobj CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%configobj%'; CVE-2023-26112|configobj_project|configobj|-||| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-py7zr: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | The related CVEs are tracked with py7zr_project:py7zr CPE in the database, and the default python:py7zr CPE doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%py7zr%'; CVE-2022-44900|py7zr_project|py7zr|||0.20.1|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-oauthlib: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | The relevant CVEs are tracked using oathlib_project:oathlib CPE, and the default python:oauthlib CPE doesn't match relevant entries. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'oauthlib'; CVE-2022-36087|oauthlib_project|oauthlib|3.1.1|>=|3.2.1|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-joblib: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | The relevant CVEs are tracked with joblib_project:joblib CPE, and the default python:joblib CPE doesn't match this. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%joblib%'; CVE-2022-21797|joblib_project|joblib|||1.1.1|< CVE-2024-34997|joblib_project|joblib|1.4.2|=|| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-eth-account: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+1
| | | | | | | | | | | | | | The relevant CVEs are tracked with ethereum:eth-account CPE, and the default python:eth-account one doesn't match relevant entries. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%eth-account%'; CVE-2022-1930|ethereum|eth-account|||0.5.9|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-binwalk: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+1
| | | | | | | | | | | | | Set correct CVE_PRODUCT to use instead of the default ${PN}, which doesn't match relevant CVEs. See CVE db query: sqlite> select * from products where product like '%binwalk%'; CVE-2021-4287|microsoft|binwalk|||2.3.3|<|0 CVE-2022-4510|microsoft|binwalk|2.2.0|>=|2.3.3|<|0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-httpx: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | The relevant CVEs are tracked in the CVE db with encode:httpx CPE instead of the default python:httpx. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%httpx%'; CVE-2021-41945|encode|httpx|||0.23.0|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-cvxopt: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+1
| | | | | | | | | | | Set correct CVE_PRODUCT to be used instead of ${PN}. See CVE db query: sqlite> select * from products where product like '%cvxopt%'; CVE-2021-41500|cvxopt_project|cvxopt|||1.2.6|<= Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-sqlparse: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | | The relevant CVEs are tracked with sqlparse_project:sqlparse CPE, and the default python:sqlparse CPE doesn't match relevant CVEs. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%sqlparse%'; CVE-2021-32839|sqlparse_project|sqlparse|0.4.0|>=|0.4.2|< CVE-2023-30608|sqlparse_project|sqlparse|0.1.15|>=|0.4.4|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-restx: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | The relevant CVEs are tracked using flask-restx_project:flask-restx CPE, which makes the default python:flask-restx CPE to not match relevant CVEs. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like '%flask-restx%'; CVE-2021-32838|flask-restx_project|flask-restx|||0.5.1|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-fastapi: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | Set correct CVE_PRODUCT - the default (python:fastapi) is not the one that is used to track CVEs. See CVE db query (n8n vendor is not relevant): sqlite> select * from products where product like 'fastapi'; CVE-2021-32677|tiangolo|fastapi|||0.65.2|<|0 CVE-2025-55526|n8n|fastapi|0.115.14|=|||0 Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-lief: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | | | | | | | | The correct CVE_PRODUCT is "lief" for this recipe instead of the default ${PN}, that doesn't match relevant CVEs. See CVE db query: sqlite> select * from products where product like 'lief'; CVE-2021-32297|lief-project|lief|||0.11.4|<= CVE-2022-38306|lief-project|lief|||0.12.1|< CVE-2022-38307|lief-project|lief|||0.12.1|< CVE-2022-38495|lief-project|lief|||0.12.1|<= CVE-2022-38496|lief-project|lief|||0.12.1|<= CVE-2022-38497|lief-project|lief|||0.12.1|<= CVE-2022-40922|lief-project|lief|0.12.1|=|| CVE-2022-40923|lief-project|lief|0.12.1|=|| CVE-2022-43171|lief-project|lief|0.12.1|=|| CVE-2024-31636|lief-project|lief|0.14.1|=|| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pydantic: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | | | | Set correct CVE_PRODUCT - the default ${PN} value doesn't match relevant CVEs. See CVE query (n8n vendor is not relevant): sqlite> select * from products where product like '%pydantic%'; CVE-2021-29510|pydantic|pydantic|||1.6.2|< CVE-2021-29510|pydantic|pydantic|1.7|>=|1.7.4|< CVE-2021-29510|pydantic|pydantic|1.8|>=|1.8.2|< CVE-2024-3772|pydantic|pydantic|||1.10.13|< CVE-2024-3772|pydantic|pydantic|2.0|>=|2.4.0|< CVE-2025-55526|n8n|pydantic|2.11.7|=|| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pikepdf: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | The relevant CVEs are tracked with pikepdf_project:pikepdf CPE, and the default python:pikepdf doesn't match CVEs. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'pikepdf'; CVE-2021-29421|pikepdf_project|pikepdf|1.3.0|>=|2.9.2|<= Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-mpmath: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | The CVE database tracks relevant CVEs with mpmath:mpmath CPE. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'mpmath'; CVE-2021-29063|mpmath|mpmath|1.0.0|>=|1.2.1|<= Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-user: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | The relevant CVE is tracked using flask-user_project:flask-user CPE, so the default python:flask-user value doesn't match it. Set CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'flask-user'; CVE-2021-23401|flask-user_project|flask-user|-||| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-eventlet: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | | | The relevant CVEs are tracked using eventlet:eventlet CPE, and the default python:eventlet CPE doesn't match relevant CVEs. Set the correct CVE_PRODUCT. See CVE db query: sqlite> select * from products where product like 'eventlet'; CVE-2021-21419|eventlet|eventlet|0.10|>=|0.31.0|< CVE-2023-29483|eventlet|eventlet|||0.35.2|< CVE-2025-58068|eventlet|eventlet|||0.40.3|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-aiohttp: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The related CVEs are tracked using aiohttp:aiohttp CPE, so the default python:aiohttp CPE doesn't match relevant CVEs. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'aiohttp'; CVE-2021-21330|aiohttp|aiohttp|||3.7.4|< CVE-2022-33124|aiohttp|aiohttp|3.8.1|=|| CVE-2023-37276|aiohttp|aiohttp|||3.8.4|<= CVE-2023-47627|aiohttp|aiohttp|||3.8.6|< CVE-2023-47641|aiohttp|aiohttp|||3.8.0|< CVE-2023-49081|aiohttp|aiohttp|||3.9.0|< CVE-2023-49082|aiohttp|aiohttp|||3.9.0|< CVE-2024-23334|aiohttp|aiohttp|1.0.5|>=|3.9.2|< CVE-2024-23829|aiohttp|aiohttp|||3.9.2|< CVE-2024-27306|aiohttp|aiohttp|||3.9.4|< CVE-2024-30251|aiohttp|aiohttp|||3.9.4|< CVE-2024-42367|aiohttp|aiohttp|3.10.0|>=|3.10.2|< CVE-2024-52303|aiohttp|aiohttp|3.10.6|>=|3.10.11|< CVE-2024-52304|aiohttp|aiohttp|||3.10.11|< CVE-2025-53643|aiohttp|aiohttp|||3.12.14|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-brotli: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | | There is one brotli repository for all language bindings, and the same CPE is used for all: google:brotli (instead of the expected default of python:brotli, in case of the Python package). Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'brotli'; CVE-2020-8927|google|brotli|||1.0.8|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-uvicorn: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+1
| | | | | | | | | | | | | | The default python:uvicorn CPE is not correct, the CVEs are tracked under encode:uvicorn. See CVE db query (n8n vendor is not relevant): sqlite> select * from products where product like 'uvicorn'; CVE-2020-7694|encode|uvicorn|-||| CVE-2020-7695|encode|uvicorn|||0.11.7|< CVE-2025-55526|n8n|uvicorn|0.35.0|=|| Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-autobahn: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | The only CVE stored in the CVE db is tracked with "crossbar" vendor, which makes the default python:autobahn CPE to not match. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'autobahn'; CVE-2020-35678|crossbar|autobahn|||20.12.3|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-py: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | The related CVEs are tracked using pytest:py CPE, so set the CVE_PRODUCT accordingly instead of the default python:py. See CVE db query: sqlite> select * from products where product like 'py'; CVE-2020-29651|pytest|py|||1.9.0|<= CVE-2022-42969|pytest|py|||1.11.0|<= Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-cors: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | | | | | | The related CVEs are tracked under multiple vendor IDs (but none of them are associated with the default "python" vendor). Query from CVE db: sqlite> select * from products where product like 'flask-cors'; CVE-2020-25032|flask-cors_project|flask-cors|||3.0.9|< CVE-2024-1681|corydolphin|flask-cors|4.0.0|=|| CVE-2024-6221|corydolphin|flask-cors|4.0.1|=|| CVE-2024-6839|flask-cors_project|flask-cors|4.0.1|=|| CVE-2024-6844|flask-cors_project|flask-cors|4.0.1|=|| CVE-2024-6866|flask-cors_project|flask-cors|4.0.1|=|| Set the CVE_PRODUCT so it matches the relevant entries. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pandas: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | | Currently there is only one CVE associated with pandas, and it is tracked using numfocus:pandas CPE by NIST instead of the default python:pandas from pypi.bbclass. See CVE db query: sqlite> select * from products where product like 'pandas'; CVE-2020-13091|numfocus|pandas|||1.0.3|<= Set the CVE_PRODUCT accodingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-svglib: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | | There is only one relevant CVE in the database, but it is tracked using svglib_project:svglib CPE, not the expected python:svglib CPE, making the cve-checker miss it. See CVE db query: sqlite> select * from products where product like '%svglib%'; CVE-2020-10799|svglib_project|svglib|||0.9.3|<= Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-webargs: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+1
| | | | | | | | | | | | | | | The relevant CVEs for this recipe are tracked using webargs_project:webargs CPE, which makes the default python:webargs CPE to miss CVEs. See CVE db query: sqlite> select * from products where product like '%webargs%'; CVE-2019-9710|webargs_project|webargs|||5.1.3|< CVE-2020-7965|webargs_project|webargs|5.0.0|>=|5.5.2|<= Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-validators: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | | | The CVEs related to this project are tracked using the validators_project:validators CPE, which doesn't match the default python:validators CPE. See CVE db query: sqlite> select * from products where product like 'validators'; CVE-2019-19588|validators_project|validators|0.12.2|>=|0.12.5|<= CVE-2023-45813|validators_project|validators|0.11.0|=|| CVE-2023-45813|validators_project|validators|0.20.0|=|| Set the CVE_PRODUCT so it matches relevant entries. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-reportlab: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+1
| | | | | | | | | | | | | | | | | | The relevant CVEs to this recipe are tracked using reportlab:reportlab CPE, which doesn't match the default python:reportlab CPE, so the cve-checker misses CVEs. See CVE db query: sqlite> select * from products where product like '%reportlab%'; CVE-2019-17626|reportlab|reportlab|||3.5.26|<=|0 CVE-2019-19450|reportlab|reportlab|||3.5.31|<|0 CVE-2020-28463|reportlab|reportlab|-||||0 CVE-2023-33733|reportlab|reportlab|||3.6.12|<=|0 Set CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-waitress: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | | | | | | | | | | The CVEs for this recipes are tracked using the agendaless:waitress CPE, which doesn't match the default python:waitress CPE, making the cve-checker miss relevant CVEs. See CVE db query: sqlite> select * from products where PRODUCT like 'waitress'; CVE-2019-16785|agendaless|waitress|||1.3.1|<= CVE-2019-16786|agendaless|waitress|||1.3.1|< CVE-2019-16789|agendaless|waitress|||1.4.0|<= CVE-2019-16792|agendaless|waitress|||1.3.1|<= CVE-2020-5236|agendaless|waitress|1.4.2|=|| CVE-2022-24761|agendaless|waitress|||2.1.1|< CVE-2022-31015|agendaless|waitress|2.1.0|>=|2.1.2|< CVE-2024-49768|agendaless|waitress|2.0.0|>=|3.0.1|< CVE-2024-49769|agendaless|waitress|||3.0.1|< Set CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-parso: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | There is one related CVE tracked by nist, using the parso_project:parso CPE, which doesn't match the default python:parso CPE. See CVE db query: sqlite> select * from products where PRODUCT like 'parso'; CVE-2019-12760|parso_project|parso|||0.4.0|<= Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-marshmallow: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | | The default python:marshmallow CPE doesn't match the CVEs related to this product, as they are tracked with marshmallow_project:marshmallow CPE. See CVE db query: sqlite> select * from products where PRODUCT like 'marshmallow'; CVE-2018-17175|marshmallow_project|marshmallow|||2.15.1|< CVE-2018-17175|marshmallow_project|marshmallow|3.0|>=|3.0.0b9|< Set the CVE_PRODUCT so it matches related CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | | | | The default python:flask CPE doesn't match relevant CVE entries which are tracked under palletsprojects:flask CPE. See CVE db query: sqlite> select * from products where PRODUCT like 'flask'; CVE-2018-1000656|palletsprojects|flask|||0.12.3|< CVE-2019-1010083|palletsprojects|flask|||1.0|< CVE-2023-30861|palletsprojects|flask|||2.2.5|< CVE-2023-30861|palletsprojects|flask|2.3.0|>=|2.3.2|< Set the CVE_PRODUCT to "flask" so it matches relevant entries. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python-gunicorn: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | | There is only one relevant CVE associated with this recipe in the CVE db, but it is tracked using gunicorn:gunicorn CPE instead of python:gunicorn (which is the default CPE from pypi.bbclass) See CVE db query: sqlite> select * from products where PRODUCT like '%gunicorn%'; CVE-2018-1000164|gunicorn|gunicorn|19.4.5|=|| Set CVE_PRODUCT so that it matches relevant CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-supervisor: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | This recipe's CVEs are tracked using supervisord:supervisor CPE by nist, so the default python:supervisor CPE doesn't match relevant CVEs. See CVE db query (home-assisstant vendor is not relevant): sqlite> select * from products where PRODUCT like 'supervisor'; CVE-2017-11610|supervisord|supervisor|||3.0|<= CVE-2017-11610|supervisord|supervisor|3.1.0|=|| CVE-2017-11610|supervisord|supervisor|3.1.1|=|| CVE-2017-11610|supervisord|supervisor|3.1.2|=|| CVE-2017-11610|supervisord|supervisor|3.1.3|=|| CVE-2017-11610|supervisord|supervisor|3.2.0|=|| CVE-2017-11610|supervisord|supervisor|3.2.1|=|| CVE-2017-11610|supervisord|supervisor|3.2.2|=|| CVE-2017-11610|supervisord|supervisor|3.2.3|=|| CVE-2017-11610|supervisord|supervisor|3.3.0|=|| CVE-2017-11610|supervisord|supervisor|3.3.1|=|| CVE-2017-11610|supervisord|supervisor|3.3.2|=|| CVE-2019-12105|supervisord|supervisor|||4.0.2|<= CVE-2023-27482|home-assistant|supervisor|||2023.03.1|< Set the CVE_PRODUCT explicitly to match relevant CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pyjwt: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+1
| | | | | | | | | | | | | | | | | The relevant CVEs are tracked using pyjwt_project:pyjwt CPE, so the defauly python:pyjwt CPE doesn't match them. See CVE db query: sqlite> select * from products where PRODUCT like '%pyjwt%'; CVE-2017-11424|pyjwt_project|pyjwt|||1.5.0|<= CVE-2022-29217|pyjwt_project|pyjwt|1.5.0|>=|2.4.0|< CVE-2024-53861|pyjwt_project|pyjwt|2.10.0|=|| CVE-2025-45768|pyjwt_project|pyjwt|2.10.1|=|| Set the CVE_PRODUCT so it matches relevant CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-html5lib: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | | There are currently 2 related CVEs in the NIST db, both of them are tracked with html5lib:html5lib CPE, so the default python:html5lib CPE doesn't match. See CVE db query: sqlite> select * from products where PRODUCT like '%html5lib%'; CVE-2016-9909|html5lib|html5lib|||0.99999999|<= CVE-2016-9910|html5lib|html5lib|||0.99999999|<= Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-werkzeug: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | The relevant CVEs are tracked using palletsprojects:werkzeug CPE, which makes the the default python:werkzeug CPE to not match anything. See CVE db query: sqlite> select * from products where PRODUCT like 'werkzeug'; CVE-2016-10516|palletsprojects|werkzeug|||0.11.11|< CVE-2019-14322|palletsprojects|werkzeug|||0.15.5|< CVE-2019-14806|palletsprojects|werkzeug|||0.15.3|< CVE-2020-28724|palletsprojects|werkzeug|||0.11.6|< CVE-2022-29361|palletsprojects|werkzeug|||2.1.0|<= CVE-2023-23934|palletsprojects|werkzeug|||2.2.3|< CVE-2023-25577|palletsprojects|werkzeug|||2.2.3|< CVE-2023-46136|palletsprojects|werkzeug|||2.3.8|< CVE-2023-46136|palletsprojects|werkzeug|3.0.0|=|| CVE-2024-34069|palletsprojects|werkzeug|||3.0.3|< CVE-2024-49766|palletsprojects|werkzeug|||3.0.6|< CVE-2024-49767|palletsprojects|werkzeug|||3.0.6|< CVE-2025-66221|palletsprojects|werkzeug|||3.1.4|< Set the CVE_PRODUCT so it matches the relevant entries. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-tqdm: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | | The only related CVE to this recipe is tracked using tqdm_project:tqdm CPE, so the default python:tqdm CPE doesn't match it. See relevant CVE db query: sqlite> select * from products where PRODUCT like 'tqdm'; CVE-2016-10075|tqdm_project|tqdm|4.4.1|=|| CVE-2016-10075|tqdm_project|tqdm|4.10|=|| Set the CVE_PRODUCT so it can match related CVEs. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-ipython: set CVE_PRODUCTGyorgy Sarvari13 days1-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | ipython CVEs are tracked using ipython:ipython CPE, so the default python:ipython CVE_PRODUCT doesn't match relevant CPEs. See CVE db query: sqlite> select * from products where PRODUCT like 'ipython'; CVE-2015-4706|ipython|ipython|3.0.0|=|| CVE-2015-4706|ipython|ipython|3.1.0|=|| CVE-2015-4707|ipython|ipython|||3.2.0|< CVE-2015-5607|ipython|ipython|2.0.0|=|| CVE-2015-5607|ipython|ipython|2.1.0|=|| CVE-2015-5607|ipython|ipython|2.2.0|=|| CVE-2015-5607|ipython|ipython|2.3.0|=|| CVE-2015-5607|ipython|ipython|2.3.1|=|| CVE-2015-5607|ipython|ipython|2.4.0|=|| CVE-2015-5607|ipython|ipython|2.4.1|=|| CVE-2015-5607|ipython|ipython|3.0.0|=|| CVE-2015-5607|ipython|ipython|3.1.0|=|| CVE-2015-5607|ipython|ipython|3.2.0|=|| CVE-2015-5607|ipython|ipython|3.2.1|=|| CVE-2015-5607|ipython|ipython|3.2.2|=|| CVE-2015-5607|ipython|ipython|3.2.3|=|| CVE-2022-21699|ipython|ipython|||5.10.0|<= CVE-2022-21699|ipython|ipython|6.0.0|>=|7.16.3|< CVE-2022-21699|ipython|ipython|7.17.0|>=|7.31.1|< CVE-2022-21699|ipython|ipython|8.0.0|>=|8.0.1|< CVE-2023-24816|ipython|ipython|||8.10.0|< Set the CVE_PRODUCT accordingly to match the relevant entries. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>
generated by cgit v1.2.3-54-g00ecf (git 2.39.0) at 2026-01-13 08:04:15 +0000