path: root/meta-python/recipes-devtools/python
Commit message | Author | Age | Files | Lines
* python3-mpmath: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    The CVE database tracks relevant CVEs with mpmath:mpmath CPE. Set the CVE_PRODUCT accordingly.

    See CVE db query:

        sqlite> select * from products where product like 'mpmath';
        CVE-2021-29063|mpmath|mpmath|1.0.0|>=|1.2.1|<=

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-user: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    The relevant CVE is tracked using flask-user_project:flask-user CPE, so the default python:flask-user value doesn't match it. Set CVE_PRODUCT accordingly.

    See CVE db query:

        sqlite> select * from products where product like 'flask-user';
        CVE-2021-23401|flask-user_project|flask-user|-|||

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-eventlet: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    The relevant CVEs are tracked using eventlet:eventlet CPE, and the default python:eventlet CPE doesn't match relevant CVEs. Set the correct CVE_PRODUCT.

    See CVE db query:

        sqlite> select * from products where product like 'eventlet';
        CVE-2021-21419|eventlet|eventlet|0.10|>=|0.31.0|<
        CVE-2023-29483|eventlet|eventlet|||0.35.2|<
        CVE-2025-58068|eventlet|eventlet|||0.40.3|<

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-aiohttp: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    The related CVEs are tracked using aiohttp:aiohttp CPE, so the default python:aiohttp CPE doesn't match relevant CVEs. Set the CVE_PRODUCT accordingly.

    See CVE db query:

        sqlite> select * from products where product like 'aiohttp';
        CVE-2021-21330|aiohttp|aiohttp|||3.7.4|<
        CVE-2022-33124|aiohttp|aiohttp|3.8.1|=||
        CVE-2023-37276|aiohttp|aiohttp|||3.8.4|<=
        CVE-2023-47627|aiohttp|aiohttp|||3.8.6|<
        CVE-2023-47641|aiohttp|aiohttp|||3.8.0|<
        CVE-2023-49081|aiohttp|aiohttp|||3.9.0|<
        CVE-2023-49082|aiohttp|aiohttp|||3.9.0|<
        CVE-2024-23334|aiohttp|aiohttp|1.0.5|>=|3.9.2|<
        CVE-2024-23829|aiohttp|aiohttp|||3.9.2|<
        CVE-2024-27306|aiohttp|aiohttp|||3.9.4|<
        CVE-2024-30251|aiohttp|aiohttp|||3.9.4|<
        CVE-2024-42367|aiohttp|aiohttp|3.10.0|>=|3.10.2|<
        CVE-2024-52303|aiohttp|aiohttp|3.10.6|>=|3.10.11|<
        CVE-2024-52304|aiohttp|aiohttp|||3.10.11|<
        CVE-2025-53643|aiohttp|aiohttp|||3.12.14|<

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-brotli: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    There is one brotli repository for all language bindings, and the same CPE is used for all: google:brotli (instead of the expected default of python:brotli, in case of the Python package). Set the CVE_PRODUCT accordingly.

    See CVE db query:

        sqlite> select * from products where product like 'brotli';
        CVE-2020-8927|google|brotli|||1.0.8|<

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-uvicorn: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+1
    The default python:uvicorn CPE is not correct, the CVEs are tracked under encode:uvicorn.

    See CVE db query (n8n vendor is not relevant):

        sqlite> select * from products where product like 'uvicorn';
        CVE-2020-7694|encode|uvicorn|-|||
        CVE-2020-7695|encode|uvicorn|||0.11.7|<
        CVE-2025-55526|n8n|uvicorn|0.35.0|=||

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-autobahn: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    The only CVE stored in the CVE db is tracked with "crossbar" vendor, which makes the default python:autobahn CPE to not match. Set the CVE_PRODUCT accordingly.

    See CVE db query:

        sqlite> select * from products where product like 'autobahn';
        CVE-2020-35678|crossbar|autobahn|||20.12.3|<

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-py: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    The related CVEs are tracked using pytest:py CPE, so set the CVE_PRODUCT accordingly instead of the default python:py.

    See CVE db query:

        sqlite> select * from products where product like 'py';
        CVE-2020-29651|pytest|py|||1.9.0|<=
        CVE-2022-42969|pytest|py|||1.11.0|<=

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask-cors: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    The related CVEs are tracked under multiple vendor IDs (but none of them are associated with the default "python" vendor).

    Query from CVE db:

        sqlite> select * from products where product like 'flask-cors';
        CVE-2020-25032|flask-cors_project|flask-cors|||3.0.9|<
        CVE-2024-1681|corydolphin|flask-cors|4.0.0|=||
        CVE-2024-6221|corydolphin|flask-cors|4.0.1|=||
        CVE-2024-6839|flask-cors_project|flask-cors|4.0.1|=||
        CVE-2024-6844|flask-cors_project|flask-cors|4.0.1|=||
        CVE-2024-6866|flask-cors_project|flask-cors|4.0.1|=||

    Set the CVE_PRODUCT so it matches the relevant entries.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pandas: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    Currently there is only one CVE associated with pandas, and it is tracked using numfocus:pandas CPE by NIST instead of the default python:pandas from pypi.bbclass.

    See CVE db query:

        sqlite> select * from products where product like 'pandas';
        CVE-2020-13091|numfocus|pandas|||1.0.3|<=

    Set the CVE_PRODUCT accordingly.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-svglib: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    There is only one relevant CVE in the database, but it is tracked using svglib_project:svglib CPE, not the expected python:svglib CPE, making the cve-checker miss it.

    See CVE db query:

        sqlite> select * from products where product like '%svglib%';
        CVE-2020-10799|svglib_project|svglib|||0.9.3|<=

    Set the CVE_PRODUCT accordingly.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-webargs: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+1
    The relevant CVEs for this recipe are tracked using webargs_project:webargs CPE, which makes the default python:webargs CPE to miss CVEs.

    See CVE db query:

        sqlite> select * from products where product like '%webargs%';
        CVE-2019-9710|webargs_project|webargs|||5.1.3|<
        CVE-2020-7965|webargs_project|webargs|5.0.0|>=|5.5.2|<=

    Set the CVE_PRODUCT accordingly.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-validators: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    The CVEs related to this project are tracked using the validators_project:validators CPE, which doesn't match the default python:validators CPE.

    See CVE db query:

        sqlite> select * from products where product like 'validators';
        CVE-2019-19588|validators_project|validators|0.12.2|>=|0.12.5|<=
        CVE-2023-45813|validators_project|validators|0.11.0|=||
        CVE-2023-45813|validators_project|validators|0.20.0|=||

    Set the CVE_PRODUCT so it matches relevant entries.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-reportlab: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+1
    The relevant CVEs to this recipe are tracked using reportlab:reportlab CPE, which doesn't match the default python:reportlab CPE, so the cve-checker misses CVEs.

    See CVE db query:

        sqlite> select * from products where product like '%reportlab%';
        CVE-2019-17626|reportlab|reportlab|||3.5.26|<=|0
        CVE-2019-19450|reportlab|reportlab|||3.5.31|<|0
        CVE-2020-28463|reportlab|reportlab|-||||0
        CVE-2023-33733|reportlab|reportlab|||3.6.12|<=|0

    Set CVE_PRODUCT accordingly.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-waitress: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    The CVEs for this recipe are tracked using the agendaless:waitress CPE, which doesn't match the default python:waitress CPE, making the cve-checker miss relevant CVEs.

    See CVE db query:

        sqlite> select * from products where PRODUCT like 'waitress';
        CVE-2019-16785|agendaless|waitress|||1.3.1|<=
        CVE-2019-16786|agendaless|waitress|||1.3.1|<
        CVE-2019-16789|agendaless|waitress|||1.4.0|<=
        CVE-2019-16792|agendaless|waitress|||1.3.1|<=
        CVE-2020-5236|agendaless|waitress|1.4.2|=||
        CVE-2022-24761|agendaless|waitress|||2.1.1|<
        CVE-2022-31015|agendaless|waitress|2.1.0|>=|2.1.2|<
        CVE-2024-49768|agendaless|waitress|2.0.0|>=|3.0.1|<
        CVE-2024-49769|agendaless|waitress|||3.0.1|<

    Set CVE_PRODUCT accordingly.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-parso: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    There is one related CVE tracked by nist, using the parso_project:parso CPE, which doesn't match the default python:parso CPE.

    See CVE db query:

        sqlite> select * from products where PRODUCT like 'parso';
        CVE-2019-12760|parso_project|parso|||0.4.0|<=

    Set the CVE_PRODUCT accordingly.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-marshmallow: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    The default python:marshmallow CPE doesn't match the CVEs related to this product, as they are tracked with marshmallow_project:marshmallow CPE.

    See CVE db query:

        sqlite> select * from products where PRODUCT like 'marshmallow';
        CVE-2018-17175|marshmallow_project|marshmallow|||2.15.1|<
        CVE-2018-17175|marshmallow_project|marshmallow|3.0|>=|3.0.0b9|<

    Set the CVE_PRODUCT so it matches related CVEs.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-flask: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    The default python:flask CPE doesn't match relevant CVE entries which are tracked under palletsprojects:flask CPE.

    See CVE db query:

        sqlite> select * from products where PRODUCT like 'flask';
        CVE-2018-1000656|palletsprojects|flask|||0.12.3|<
        CVE-2019-1010083|palletsprojects|flask|||1.0|<
        CVE-2023-30861|palletsprojects|flask|||2.2.5|<
        CVE-2023-30861|palletsprojects|flask|2.3.0|>=|2.3.2|<

    Set the CVE_PRODUCT to "flask" so it matches relevant entries.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python-gunicorn: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    There is only one relevant CVE associated with this recipe in the CVE db, but it is tracked using gunicorn:gunicorn CPE instead of python:gunicorn (which is the default CPE from pypi.bbclass).

    See CVE db query:

        sqlite> select * from products where PRODUCT like '%gunicorn%';
        CVE-2018-1000164|gunicorn|gunicorn|19.4.5|=||

    Set CVE_PRODUCT so that it matches relevant CVEs.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-supervisor: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+1
    This recipe's CVEs are tracked using supervisord:supervisor CPE by nist, so the default python:supervisor CPE doesn't match relevant CVEs.

    See CVE db query (home-assistant vendor is not relevant):

        sqlite> select * from products where PRODUCT like 'supervisor';
        CVE-2017-11610|supervisord|supervisor|||3.0|<=
        CVE-2017-11610|supervisord|supervisor|3.1.0|=||
        CVE-2017-11610|supervisord|supervisor|3.1.1|=||
        CVE-2017-11610|supervisord|supervisor|3.1.2|=||
        CVE-2017-11610|supervisord|supervisor|3.1.3|=||
        CVE-2017-11610|supervisord|supervisor|3.2.0|=||
        CVE-2017-11610|supervisord|supervisor|3.2.1|=||
        CVE-2017-11610|supervisord|supervisor|3.2.2|=||
        CVE-2017-11610|supervisord|supervisor|3.2.3|=||
        CVE-2017-11610|supervisord|supervisor|3.3.0|=||
        CVE-2017-11610|supervisord|supervisor|3.3.1|=||
        CVE-2017-11610|supervisord|supervisor|3.3.2|=||
        CVE-2019-12105|supervisord|supervisor|||4.0.2|<=
        CVE-2023-27482|home-assistant|supervisor|||2023.03.1|<

    Set the CVE_PRODUCT explicitly to match relevant CVEs.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pyjwt: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+1
    The relevant CVEs are tracked using pyjwt_project:pyjwt CPE, so the default python:pyjwt CPE doesn't match them.

    See CVE db query:

        sqlite> select * from products where PRODUCT like '%pyjwt%';
        CVE-2017-11424|pyjwt_project|pyjwt|||1.5.0|<=
        CVE-2022-29217|pyjwt_project|pyjwt|1.5.0|>=|2.4.0|<
        CVE-2024-53861|pyjwt_project|pyjwt|2.10.0|=||
        CVE-2025-45768|pyjwt_project|pyjwt|2.10.1|=||

    Set the CVE_PRODUCT so it matches relevant CVEs.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-html5lib: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    There are currently 2 related CVEs in the NIST db, both of them are tracked with html5lib:html5lib CPE, so the default python:html5lib CPE doesn't match.

    See CVE db query:

        sqlite> select * from products where PRODUCT like '%html5lib%';
        CVE-2016-9909|html5lib|html5lib|||0.99999999|<=
        CVE-2016-9910|html5lib|html5lib|||0.99999999|<=

    Set the CVE_PRODUCT accordingly.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-werkzeug: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    The relevant CVEs are tracked using palletsprojects:werkzeug CPE, which makes the default python:werkzeug CPE to not match anything.

    See CVE db query:

        sqlite> select * from products where PRODUCT like 'werkzeug';
        CVE-2016-10516|palletsprojects|werkzeug|||0.11.11|<
        CVE-2019-14322|palletsprojects|werkzeug|||0.15.5|<
        CVE-2019-14806|palletsprojects|werkzeug|||0.15.3|<
        CVE-2020-28724|palletsprojects|werkzeug|||0.11.6|<
        CVE-2022-29361|palletsprojects|werkzeug|||2.1.0|<=
        CVE-2023-23934|palletsprojects|werkzeug|||2.2.3|<
        CVE-2023-25577|palletsprojects|werkzeug|||2.2.3|<
        CVE-2023-46136|palletsprojects|werkzeug|||2.3.8|<
        CVE-2023-46136|palletsprojects|werkzeug|3.0.0|=||
        CVE-2024-34069|palletsprojects|werkzeug|||3.0.3|<
        CVE-2024-49766|palletsprojects|werkzeug|||3.0.6|<
        CVE-2024-49767|palletsprojects|werkzeug|||3.0.6|<
        CVE-2025-66221|palletsprojects|werkzeug|||3.1.4|<

    Set the CVE_PRODUCT so it matches the relevant entries.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-tqdm: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    The only related CVE to this recipe is tracked using tqdm_project:tqdm CPE, so the default python:tqdm CPE doesn't match it.

    See relevant CVE db query:

        sqlite> select * from products where PRODUCT like 'tqdm';
        CVE-2016-10075|tqdm_project|tqdm|4.4.1|=||
        CVE-2016-10075|tqdm_project|tqdm|4.10|=||

    Set the CVE_PRODUCT so it can match related CVEs.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-ipython: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    ipython CVEs are tracked using ipython:ipython CPE, so the default python:ipython CVE_PRODUCT doesn't match relevant CPEs.

    See CVE db query:

        sqlite> select * from products where PRODUCT like 'ipython';
        CVE-2015-4706|ipython|ipython|3.0.0|=||
        CVE-2015-4706|ipython|ipython|3.1.0|=||
        CVE-2015-4707|ipython|ipython|||3.2.0|<
        CVE-2015-5607|ipython|ipython|2.0.0|=||
        CVE-2015-5607|ipython|ipython|2.1.0|=||
        CVE-2015-5607|ipython|ipython|2.2.0|=||
        CVE-2015-5607|ipython|ipython|2.3.0|=||
        CVE-2015-5607|ipython|ipython|2.3.1|=||
        CVE-2015-5607|ipython|ipython|2.4.0|=||
        CVE-2015-5607|ipython|ipython|2.4.1|=||
        CVE-2015-5607|ipython|ipython|3.0.0|=||
        CVE-2015-5607|ipython|ipython|3.1.0|=||
        CVE-2015-5607|ipython|ipython|3.2.0|=||
        CVE-2015-5607|ipython|ipython|3.2.1|=||
        CVE-2015-5607|ipython|ipython|3.2.2|=||
        CVE-2015-5607|ipython|ipython|3.2.3|=||
        CVE-2022-21699|ipython|ipython|||5.10.0|<=
        CVE-2022-21699|ipython|ipython|6.0.0|>=|7.16.3|<
        CVE-2022-21699|ipython|ipython|7.17.0|>=|7.31.1|<
        CVE-2022-21699|ipython|ipython|8.0.0|>=|8.0.1|<
        CVE-2023-24816|ipython|ipython|||8.10.0|<

    Set the CVE_PRODUCT accordingly to match the relevant entries.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-m2crypto: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    NIST currently tracks CVEs under at least 2 different CPEs for this recipe, but neither of them is python:m2crypto (the default CVE_PRODUCT).

    See CVE db query:

        sqlite> select * from products where PRODUCT like '%m2crypto%';
        CVE-2009-0127|heikkitoivonen|m2crypto|-|||
        CVE-2020-25657|m2crypto_project|m2crypto|-|||
        CVE-2023-50781|m2crypto_project|m2crypto|-|||

    Set the CVE_PRODUCT to match the relevant CPEs.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-twisted: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    The related CVEs are tracked with twisted:twisted CPE, so the default python:twisted CPE doesn't match any entries.

    See CVE db query:

        sqlite> select * from products where PRODUCT = 'twisted';
        CVE-2014-7143|twisted|twisted|14.0.0|=||
        CVE-2016-1000111|twisted|twisted|||16.3.1|<
        CVE-2019-12387|twisted|twisted|||19.2.1|<
        CVE-2019-12855|twisted|twisted|||19.2.1|<=
        CVE-2020-10108|twisted|twisted|||19.10.0|<=
        CVE-2020-10109|twisted|twisted|||19.10.0|<=
        CVE-2022-21712|twisted|twisted|11.1.0|>=|22.1.0|<
        CVE-2022-21716|twisted|twisted|21.7.0|>=|22.2.0|<
        CVE-2022-24801|twisted|twisted|||22.4.0|<
        CVE-2022-39348|twisted|twisted|0.9.4|>=|22.10.0|<
        CVE-2023-46137|twisted|twisted|||22.8.0|<=
        CVE-2024-41810|twisted|twisted|||24.3.0|<=

    Set the CVE_PRODUCT accordingly.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-simplejson: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+1
    There is one relevant CVE tracked using the simplejson_project:simplejson CPE, and no entries tracked with python:simplejson.

    See CVE db query:

        sqlite> select * from products where PRODUCT like '%simplejson%';
        CVE-2014-4616|simplejson_project|simplejson|||2.6.1|<

    Set the CVE_PRODUCT accordingly.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-virtualenv: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    There are relevant CVEs tracked under two different CPEs: python:virtualenv (the default in OE), and virtualenv:virtualenv (these were missed).

    See CVE db query:

        sqlite> select * from products where PRODUCT = 'virtualenv';
        CVE-2011-4617|python|virtualenv|||1.4.9|<=
        CVE-2011-4617|python|virtualenv|0.8|=||
        CVE-2011-4617|python|virtualenv|0.8.1|=||
        CVE-2011-4617|python|virtualenv|0.8.2|=||
        CVE-2011-4617|python|virtualenv|0.8.3|=||
        CVE-2011-4617|python|virtualenv|0.8.4|=||
        CVE-2011-4617|python|virtualenv|0.9|=||
        CVE-2011-4617|python|virtualenv|0.9.1|=||
        CVE-2011-4617|python|virtualenv|0.9.2|=||
        CVE-2011-4617|python|virtualenv|1.0|=||
        CVE-2011-4617|python|virtualenv|1.1|=||
        CVE-2011-4617|python|virtualenv|1.1.1|=||
        CVE-2011-4617|python|virtualenv|1.2|=||
        CVE-2011-4617|python|virtualenv|1.3|=||
        CVE-2011-4617|python|virtualenv|1.3.1|=||
        CVE-2011-4617|python|virtualenv|1.3.2|=||
        CVE-2011-4617|python|virtualenv|1.3.3|=||
        CVE-2011-4617|python|virtualenv|1.3.4|=||
        CVE-2011-4617|python|virtualenv|1.4|=||
        CVE-2011-4617|python|virtualenv|1.4.1|=||
        CVE-2011-4617|python|virtualenv|1.4.2|=||
        CVE-2011-4617|python|virtualenv|1.4.3|=||
        CVE-2011-4617|python|virtualenv|1.4.4|=||
        CVE-2011-4617|python|virtualenv|1.4.5|=||
        CVE-2011-4617|python|virtualenv|1.4.6|=||
        CVE-2011-4617|python|virtualenv|1.4.7|=||
        CVE-2011-4617|python|virtualenv|1.4.8|=||
        CVE-2013-5123|virtualenv|virtualenv|12.0.7|=||
        CVE-2024-53899|virtualenv|virtualenv|||20.26.6|<

    Set the CVE_PRODUCT so both are matched.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-httplib2: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    There are no CVEs tracked with python:httplib2 CPE, but there are multiple ones tracked under httplib2_project:httplib2 CPE (and they are related to this recipe).

    See CVE db query:

        sqlite> select * from products where PRODUCT = 'httplib2';
        CVE-2013-2037|httplib2_project|httplib2|||0.7.2|<=
        CVE-2013-2037|httplib2_project|httplib2|0.8|=||
        CVE-2020-11078|httplib2_project|httplib2|||0.18.0|<
        CVE-2021-21240|httplib2_project|httplib2|||0.19.0|<

    Set the CVE_PRODUCT accordingly.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-matplotlib: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    At least one CVE is tracked by debian:matplotlib CPE (and no CVEs are tracked by the default python:matplotlib CPE).

    See CVE db query:

        sqlite> select * from products where PRODUCT = 'matplotlib';
        CVE-2013-1424|debian|matplotlib|0.99.3-1|>=|1.4.2-3.1|<

    Set the CVE_PRODUCT accordingly.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pyrad: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    NIST tracks related CVEs with pyrad_project CPE vendor instead of "python". Set the CVE_PRODUCT to pyrad, so both can be matched.

    See CVE db query:

        sqlite> select * from products where PRODUCT = 'pyrad';
        CVE-2013-0294|pyrad_project|pyrad|||2.1|<
        CVE-2013-0342|pyrad_project|pyrad|||2.1|<

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-redis: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    Set the correct CVE_PRODUCT for the recipe.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-twitter: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    The product's CPE doesn't use "python" as the vendor, set the CVE_PRODUCT accordingly.

    See CVE db query:

        sqlite> select * from products where PRODUCT = 'tweepy';
        CVE-2012-5825|tweepy|tweepy|-|||

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-sqlalchemy: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    The default python:sqlalchemy CPE fails to match CVEs, because the CVEs are associated with sqlalchemy:sqlalchemy CPE.

    See CVE db query:

        sqlite> select * from products where PRODUCT = 'sqlalchemy';
        CVE-2012-0805|sqlalchemy|sqlalchemy|||0.7.0|<=
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta1|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta2|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta3|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.1|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.2|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.3|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.4|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.5|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.6|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.7|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.7.0_b1|=||
        CVE-2012-0805|sqlalchemy|sqlalchemy|0.7.0_b2|=||
        CVE-2019-7164|sqlalchemy|sqlalchemy|||1.2.17|<=
        CVE-2019-7164|sqlalchemy|sqlalchemy|1.3.0_beta1|=||
        CVE-2019-7164|sqlalchemy|sqlalchemy|1.3.0_beta2|=||
        CVE-2019-7548|sqlalchemy|sqlalchemy|1.2.17|=||

    Set the CVE_PRODUCT accordingly.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-paramiko: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    Set correct CVE_PRODUCT for paramiko. The default python:paramiko value doesn't match CVEs, because the product has its own set of CPEs associated with CVEs.

    See CVE db query:

        sqlite> select * from products where PRODUCT = 'paramiko';
        CVE-2008-0299|python_software_foundation|paramiko|1.7.1|=||
        CVE-2018-1000805|paramiko|paramiko|1.17.6|=||
        CVE-2018-1000805|paramiko|paramiko|1.18.5|=||
        CVE-2018-1000805|paramiko|paramiko|2.0.8|=||
        CVE-2018-1000805|paramiko|paramiko|2.1.5|=||
        CVE-2018-1000805|paramiko|paramiko|2.2.3|=||
        CVE-2018-1000805|paramiko|paramiko|2.3.2|=||
        CVE-2018-1000805|paramiko|paramiko|2.4.1|=||
        CVE-2018-7750|paramiko|paramiko|||1.17.6|<
        CVE-2018-7750|paramiko|paramiko|1.18.0|>=|1.18.5|<
        CVE-2018-7750|paramiko|paramiko|2.0.0|>=|2.0.8|<
        CVE-2018-7750|paramiko|paramiko|2.1.0|>=|2.1.5|<
        CVE-2018-7750|paramiko|paramiko|2.2.0|>=|2.2.3|<
        CVE-2018-7750|paramiko|paramiko|2.3.0|>=|2.3.2|<
        CVE-2018-7750|paramiko|paramiko|2.4.0|=||
        CVE-2022-24302|paramiko|paramiko|||2.10.1|<
        CVE-2023-48795|paramiko|paramiko|||3.4.0|<

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-tornado: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    The default "python:tornado" CVE_PRODUCT doesn't match relevant CVEs, because the project's CPE is "tornadoweb:tornado".

    See cve db query (docmosis is an irrelevant vendor):

        sqlite> select * from products where PRODUCT = 'tornado';
        CVE-2012-2374|tornadoweb|tornado|||2.2|<=
        CVE-2012-2374|tornadoweb|tornado|1.0|=||
        CVE-2012-2374|tornadoweb|tornado|1.0.1|=||
        CVE-2012-2374|tornadoweb|tornado|1.1|=||
        CVE-2012-2374|tornadoweb|tornado|1.1.1|=||
        CVE-2012-2374|tornadoweb|tornado|1.2|=||
        CVE-2012-2374|tornadoweb|tornado|1.2.1|=||
        CVE-2012-2374|tornadoweb|tornado|2.0|=||
        CVE-2012-2374|tornadoweb|tornado|2.1|=||
        CVE-2012-2374|tornadoweb|tornado|2.1.1|=||
        CVE-2014-9720|tornadoweb|tornado|||3.2.2|<
        CVE-2023-25264|docmosis|tornado|||2.9.5|<
        CVE-2023-25265|docmosis|tornado|||2.9.5|<
        CVE-2023-25266|docmosis|tornado|||2.9.5|<
        CVE-2023-28370|tornadoweb|tornado|||6.3.2|<
        CVE-2024-42733|docmosis|tornado|||2.9.7|<=
        CVE-2024-52804|tornadoweb|tornado|||6.4.2|<
        CVE-2025-47287|tornadoweb|tornado|||6.5.0|<
        CVE-2025-67724|tornadoweb|tornado|||6.5.3|<
        CVE-2025-67725|tornadoweb|tornado|||6.5.3|<
        CVE-2025-67726|tornadoweb|tornado|||6.5.3|<

    Set the CVE_PRODUCT accordingly.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-cbor2: set CVE_PRODUCT | Gyorgy Sarvari | 2025-12-31 | 1 | -0/+2
    The default, "python:cbor2" CVE_PRODUCT is not appropriate for this recipe, because most associated CVEs use "agronholm:cbor2" CPE.

    Set the CVE_PRODUCT to cbor2, so it will match the currently used CPE, and in case there will be future python:cbor2 CPEs also, they will be matched too.

    Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-backports-zstd: Upgrade to 1.3.0 | Khem Raj | 2025-12-31 | 1 | -2/+5
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-fastapi-cli: upgrade 0.0.16 -> 0.0.20 | Liu Yiding | 2025-12-31 | 1 | -1/+1
    Changelog: https://github.com/fastapi/fastapi-cli/releases/tag/0.0.20

    Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-typer: upgrade 0.20.1 -> 0.21.0 | Wang Mingyu | 2025-12-31 | 1 | -1/+1
    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-pikepdf: upgrade 10.0.3 -> 10.1.0 | Wang Mingyu | 2025-12-31 | 1 | -1/+1
    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-marshmallow: upgrade 4.1.1 -> 4.1.2 | Wang Mingyu | 2025-12-31 | 1 | -1/+1
    Changelog: Merge error store messages without rebuilding collections.

    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-elementpath: upgrade 5.0.4 -> 5.1.0 | Wang Mingyu | 2025-12-31 | 1 | -2/+2
    License-Update: Copyright year updated to 2025.

    Changelog:
    ===========
    - Drop Python 3.9 compatibility and add Python 3.15 support
    - Improve XPath sequence internal processing with a list derived type xlist
    - Extensions and fixes for XSD datatypes
    - Add XSequence datatype for external representation of XPath sequences

    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-coverage: upgrade 7.13.0 -> 7.13.1 | Wang Mingyu | 2025-12-31 | 1 | -1/+1
    Changelog:
    ============
    - Added: the JSON report now includes a "start_line" key for function and class regions, indicating the first line of the region in the source.
    - Added: The debug data command now takes file names as arguments on the command line, so you can inspect specific data files without needing to set the COVERAGE_FILE environment variable.
    - Fix: the JSON report used to report module docstrings as executed lines, which no other report did, as described in issue 2105.
    - Fix: coverage.py uses a more disciplined approach to detecting where third-party code is installed, and avoids measuring it.
    - Performance: data files that will be combined now record their hash as part of the file name. This lets us skip duplicate data more quickly, speeding the combining step.
    - Docs: added a section explaining more about what is considered a missing branch and how it is reported: Examples of missing branches, as requested in issue 1597.
    - Tests: the test suite misunderstood what core was being tested if COVERAGE_CORE wasn't set on 3.14+.

    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-typer: upgrade 0.20.0 -> 0.20.1 | Wang Mingyu | 2025-12-24 | 1 | -1/+1
    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-tornado: upgrade 6.5.3 -> 6.5.4 | Wang Mingyu | 2025-12-24 | 1 | -1/+1
    Bug fixes
    ~~~~~~~~~
    - The "in" operator for "HTTPHeaders" was incorrectly case-sensitive, causing lookups to fail for headers with different casing than the original header name. This was a regression in version 6.5.3 and has been fixed to restore the intended case-insensitive behavior from version 6.5.2 and earlier.

    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-soupsieve: upgrade 2.8 -> 2.8.1 | Wang Mingyu | 2025-12-24 | 1 | -1/+1
    FIX: Changes in tests to accommodate latest Python HTML parser changes.

    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-smbus2: upgrade 0.5.0 -> 0.6.0 | Wang Mingyu | 2025-12-24 | 1 | -1/+1
    Changelog:
    ==========
    - Python 3.14 added.
    - Fix SystemError: buffer overflow on Python 3.14+ on 64-bit systems by using c_ulong instead of c_uint32 for I2C_FUNCS ioctl.

    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>
* python3-sdbus: upgrade 0.14.1 -> 0.14.2 | Wang Mingyu | 2025-12-24 | 1 | -1/+1
    Changelog:
    ===========
    - Fix segmentation fault if export handle outlives the exported object.
    - Fix some tests failing on slow systems.

    Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
    Signed-off-by: Khem Raj <raj.khem@gmail.com>