| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Contains fix for CVE-2024-6221 and CVE-2024-1681
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Details: https://nvd.nist.gov/vuln/detail/CVE-2023-26112
The fix[1] is already included in the recipe version (5.0.9),
the CVE can be marked as patched.
[1]: https://github.com/DiffSK/configobj/commit/7c618b0bbaff6ecaca51a6f05b29795d1377a4a5
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Contains fix for CVE-2025-68131
Changelog:
- Added readahead buffering to C decoder for improved performance.
The decoder now uses a 4 KB buffer by default to reduce the number
of read calls. Benchmarks show 20-140% performance improvements for
decoding operations.
- Fixed Python decoder not preserving share index when decoding array
items containing nested shareable tags, causing shared references to
resolve to wrong objects
- Reset shared reference state at the start of each top-level encode/decode
operation
Ptests passed:
...
PASS: tests/test_tool.py:test_dtypes_from_file
PASS: tests/test_tool.py:test_ignore_tag
PASS: tests/test_types.py:test_frozendict
============================================================================
Testsuite summary
DURATION: 4
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Upgrade to release 25.12.2:
Build & CI/CD:
- Synchronize CI/CD, FlatBuffers vendoring, and wamp-ai/wamp-cicd
submodules between autobahn-python and zlmdb
- Switch manylinux container from 2_34 to 2_28 for x86_64 ISA
compatibility (fixes auditwheel flatc bundling)
- Increase ARM64 build timeout to 60 minutes for QEMU emulation
- Add .github/workflows/README.md documenting CI/CD architecture
- Consolidate download-github-release and download-release-artifacts
recipes
- Add checksum verification to artifact download workflow
FlatBufers:
- Simplify vendored FlatBuffers - use upstream as-is
- Track vendored FlatBuffers in git (like zlmdb approach)
- Add version() function to vendored FlatBuffers runtime
- Add check_zlmdb_flatbuffers_version_in_sync() for cross-project
compatibility
- Generate .bfbs files for WAMP schemas during wheel build
Other:
- Rename install-flatc to install-flatc-system with prominent warning
- Remove legacy readthedocs.yml to activate .readthedocs.yaml
- Remove dev-latest optional dependency (PyPI rejects direct URLs)
License-Update: Standardize LICENSE with SPDX header
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Upgrade to release 3.20.2:
- Support Unix systems without O_NOFOLLOW
- [pre-commit.ci] pre-commit autoupdate
Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
| |
Switch to Pypi fetcher
Switch to PEP-517 build backend
Fixes
WARNING: python3-wrapt-2.0.1-r0 do_check_backend: QA Issue: inherits setuptools3 but has pyproject.toml with setuptools.build_meta, use the correct class [pep517-backend]
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Changelog:
https://github.com/python-cmd2/cmd2/releases/tag/3.1.0
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
| |
Changelog:
https://py7zr.readthedocs.io/en/latest/Changelog.html
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
| |
Signed-off-by: Tom Geelen <t.f.g.geelen@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
| |
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The default python:pymongo CPE fails to match related CVE entries, because
they are tracked using mongodb:pymongo CPE. Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%pymongo%';
CVE-2024-5629|mongodb|pymongo|||4.6.3|<|0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The default python:orjson CPE fails to match related CVEs, because NVD
tracks them using ijl:orjson CPE. Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%orjson%';
CVE-2024-27454|ijl|orjson|||3.9.15|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default python:python_multipart CPE doesn't match relevant CVE entries,
because NVD tracks the related CVEs with fastapiexpect:python-multipart CPE,
and Mitre uses kludex:python-multipart for others.
Set the CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%python%multipart%';
CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|<
CVE-2024-24762|fastapiexpert|python-multipart|||0.0.7|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set the correct CVE_PRODUCT value, the default python: ecdsa doesn't
match relevant entries.
The correct values were taken from the CVE db, by checking which CVEs
are relevant.
See CVE db query:
sqlite> select * from products where product like '%ecdsa%';
CVE-2019-14853|python-ecdsa_project|python-ecdsa|||0.13.3|<
CVE-2019-14859|python-ecdsa_project|python-ecdsa|||0.13.3|<
CVE-2020-12607|antonkueltz|fastecdsa|||2.1.2|<
CVE-2021-43568|starkbank|elixir_ecdsa|1.0.0|=||
CVE-2021-43569|starkbank|ecdsa-dotnet|1.3.2|=||
CVE-2021-43570|starkbank|ecdsa-java|1.0.0|=||
CVE-2021-43571|starkbank|ecdsa-node|1.1.2|=||
CVE-2021-43572|starkbank|ecdsa-python|||2.0.1|<
CVE-2022-24884|ecdsautils_project|ecdsautils|||0.4.1|<
CVE-2024-21502|antonkueltz|fastecdsa|||2.3.2|<
CVE-2024-23342|tlsfuzzer|ecdsa|||0.18.0|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Relevant CVEs are tracked with gevent:gevent CPE, and the default
python:gevent CPE doesn't match relevant entries. Set CVE_PRODUCT
accordingly.
See CVE db query:
sqlite> select * from products where product like '%gevent%';
CVE-2023-41419|gevent|gevent|||23.9.0|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The related CVEs are tracked using dnspython:dnspython CPE, and the
default python:dnspython CPE doesn't match relevant entries.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%dnspython%';
CVE-2023-29483|dnspython|dnspython|||2.6.0|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The relevant CVE entries are tracked with encode:starlette CPE, and
the default python:starlette CPE doesn't match relevant entries.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%starlette%';
CVE-2023-29159|encode|starlette|0.13.5|>=|0.27.0|<
CVE-2023-30798|encode|starlette|||0.25.0|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The related CVE entries are tracked with executablebooks:markdown-it-py CPE
value, and the default python:markdown-it-py CPE doesn't match relevant
entries. Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%markdown-it-py%';
CVE-2023-26302|executablebooks|markdown-it-py|||2.2.0|<
CVE-2023-26303|executablebooks|markdown-it-py|||2.2.0|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The related CVEs are tracked with configobj_peroject:configobj CPE in the
database, and the default python:configobj CPE doesn't match relevant entries.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%configobj%';
CVE-2023-26112|configobj_project|configobj|-|||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The related CVEs are tracked with py7zr_project:py7zr CPE in the database,
and the default python:py7zr CPE doesn't match relevant entries.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%py7zr%';
CVE-2022-44900|py7zr_project|py7zr|||0.20.1|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The relevant CVEs are tracked using oathlib_project:oathlib CPE,
and the default python:oauthlib CPE doesn't match relevant entries.
Set the CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'oauthlib';
CVE-2022-36087|oauthlib_project|oauthlib|3.1.1|>=|3.2.1|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The relevant CVEs are tracked with joblib_project:joblib CPE, and the
default python:joblib CPE doesn't match this. Set the CVE_PRODUCT
accordingly.
See CVE db query:
sqlite> select * from products where product like '%joblib%';
CVE-2022-21797|joblib_project|joblib|||1.1.1|<
CVE-2024-34997|joblib_project|joblib|1.4.2|=||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The relevant CVEs are tracked with ethereum:eth-account CPE, and
the default python:eth-account one doesn't match relevant entries.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%eth-account%';
CVE-2022-1930|ethereum|eth-account|||0.5.9|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Set correct CVE_PRODUCT to use instead of the default ${PN}, which doesn't
match relevant CVEs.
See CVE db query:
sqlite> select * from products where product like '%binwalk%';
CVE-2021-4287|microsoft|binwalk|||2.3.3|<|0
CVE-2022-4510|microsoft|binwalk|2.2.0|>=|2.3.3|<|0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The relevant CVEs are tracked in the CVE db with encode:httpx CPE
instead of the default python:httpx. Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%httpx%';
CVE-2021-41945|encode|httpx|||0.23.0|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Set correct CVE_PRODUCT to be used instead of ${PN}.
See CVE db query:
sqlite> select * from products where product like '%cvxopt%';
CVE-2021-41500|cvxopt_project|cvxopt|||1.2.6|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The relevant CVEs are tracked with sqlparse_project:sqlparse CPE,
and the default python:sqlparse CPE doesn't match relevant CVEs.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%sqlparse%';
CVE-2021-32839|sqlparse_project|sqlparse|0.4.0|>=|0.4.2|<
CVE-2023-30608|sqlparse_project|sqlparse|0.1.15|>=|0.4.4|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The relevant CVEs are tracked using flask-restx_project:flask-restx CPE,
which makes the default python:flask-restx CPE to not match relevant CVEs.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like '%flask-restx%';
CVE-2021-32838|flask-restx_project|flask-restx|||0.5.1|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Set correct CVE_PRODUCT - the default (python:fastapi) is not the one
that is used to track CVEs.
See CVE db query (n8n vendor is not relevant):
sqlite> select * from products where product like 'fastapi';
CVE-2021-32677|tiangolo|fastapi|||0.65.2|<|0
CVE-2025-55526|n8n|fastapi|0.115.14|=|||0
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The correct CVE_PRODUCT is "lief" for this recipe instead of the default
${PN}, that doesn't match relevant CVEs.
See CVE db query:
sqlite> select * from products where product like 'lief';
CVE-2021-32297|lief-project|lief|||0.11.4|<=
CVE-2022-38306|lief-project|lief|||0.12.1|<
CVE-2022-38307|lief-project|lief|||0.12.1|<
CVE-2022-38495|lief-project|lief|||0.12.1|<=
CVE-2022-38496|lief-project|lief|||0.12.1|<=
CVE-2022-38497|lief-project|lief|||0.12.1|<=
CVE-2022-40922|lief-project|lief|0.12.1|=||
CVE-2022-40923|lief-project|lief|0.12.1|=||
CVE-2022-43171|lief-project|lief|0.12.1|=||
CVE-2024-31636|lief-project|lief|0.14.1|=||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Set correct CVE_PRODUCT - the default ${PN} value doesn't match relevant
CVEs.
See CVE query (n8n vendor is not relevant):
sqlite> select * from products where product like '%pydantic%';
CVE-2021-29510|pydantic|pydantic|||1.6.2|<
CVE-2021-29510|pydantic|pydantic|1.7|>=|1.7.4|<
CVE-2021-29510|pydantic|pydantic|1.8|>=|1.8.2|<
CVE-2024-3772|pydantic|pydantic|||1.10.13|<
CVE-2024-3772|pydantic|pydantic|2.0|>=|2.4.0|<
CVE-2025-55526|n8n|pydantic|2.11.7|=||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The relevant CVEs are tracked with pikepdf_project:pikepdf CPE,
and the default python:pikepdf doesn't match CVEs.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'pikepdf';
CVE-2021-29421|pikepdf_project|pikepdf|1.3.0|>=|2.9.2|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The CVE database tracks relevant CVEs with mpmath:mpmath CPE.
Set the CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'mpmath';
CVE-2021-29063|mpmath|mpmath|1.0.0|>=|1.2.1|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The relevant CVE is tracked using flask-user_project:flask-user CPE,
so the default python:flask-user value doesn't match it.
Set CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'flask-user';
CVE-2021-23401|flask-user_project|flask-user|-|||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The relevant CVEs are tracked using eventlet:eventlet CPE, and the default
python:eventlet CPE doesn't match relevant CVEs.
Set the correct CVE_PRODUCT.
See CVE db query:
sqlite> select * from products where product like 'eventlet';
CVE-2021-21419|eventlet|eventlet|0.10|>=|0.31.0|<
CVE-2023-29483|eventlet|eventlet|||0.35.2|<
CVE-2025-58068|eventlet|eventlet|||0.40.3|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The related CVEs are tracked using aiohttp:aiohttp CPE, so the default
python:aiohttp CPE doesn't match relevant CVEs.
Set the CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'aiohttp';
CVE-2021-21330|aiohttp|aiohttp|||3.7.4|<
CVE-2022-33124|aiohttp|aiohttp|3.8.1|=||
CVE-2023-37276|aiohttp|aiohttp|||3.8.4|<=
CVE-2023-47627|aiohttp|aiohttp|||3.8.6|<
CVE-2023-47641|aiohttp|aiohttp|||3.8.0|<
CVE-2023-49081|aiohttp|aiohttp|||3.9.0|<
CVE-2023-49082|aiohttp|aiohttp|||3.9.0|<
CVE-2024-23334|aiohttp|aiohttp|1.0.5|>=|3.9.2|<
CVE-2024-23829|aiohttp|aiohttp|||3.9.2|<
CVE-2024-27306|aiohttp|aiohttp|||3.9.4|<
CVE-2024-30251|aiohttp|aiohttp|||3.9.4|<
CVE-2024-42367|aiohttp|aiohttp|3.10.0|>=|3.10.2|<
CVE-2024-52303|aiohttp|aiohttp|3.10.6|>=|3.10.11|<
CVE-2024-52304|aiohttp|aiohttp|||3.10.11|<
CVE-2025-53643|aiohttp|aiohttp|||3.12.14|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is one brotli repository for all language bindings, and the same
CPE is used for all: google:brotli (instead of the expected default
of python:brotli, in case of the Python package).
Set the CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'brotli';
CVE-2020-8927|google|brotli|||1.0.8|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The default python:uvicorn CPE is not correct, the CVEs are tracked
under encode:uvicorn.
See CVE db query (n8n vendor is not relevant):
sqlite> select * from products where product like 'uvicorn';
CVE-2020-7694|encode|uvicorn|-|||
CVE-2020-7695|encode|uvicorn|||0.11.7|<
CVE-2025-55526|n8n|uvicorn|0.35.0|=||
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The only CVE stored in the CVE db is tracked with "crossbar" vendor,
which makes the default python:autobahn CPE to not match.
Set the CVE_PRODUCT accordingly.
See CVE db query:
sqlite> select * from products where product like 'autobahn';
CVE-2020-35678|crossbar|autobahn|||20.12.3|<
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The related CVEs are tracked using pytest:py CPE, so set the CVE_PRODUCT
accordingly instead of the default python:py.
See CVE db query:
sqlite> select * from products where product like 'py';
CVE-2020-29651|pytest|py|||1.9.0|<=
CVE-2022-42969|pytest|py|||1.11.0|<=
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The related CVEs are tracked under multiple vendor IDs (but none
of them are associated with the default "python" vendor).
Query from CVE db:
sqlite> select * from products where product like 'flask-cors';
CVE-2020-25032|flask-cors_project|flask-cors|||3.0.9|<
CVE-2024-1681|corydolphin|flask-cors|4.0.0|=||
CVE-2024-6221|corydolphin|flask-cors|4.0.1|=||
CVE-2024-6839|flask-cors_project|flask-cors|4.0.1|=||
CVE-2024-6844|flask-cors_project|flask-cors|4.0.1|=||
CVE-2024-6866|flask-cors_project|flask-cors|4.0.1|=||
Set the CVE_PRODUCT so it matches the relevant entries.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently there is only one CVE associated with pandas, and it is tracked
using numfocus:pandas CPE by NIST instead of the default python:pandas from
pypi.bbclass.
See CVE db query:
sqlite> select * from products where product like 'pandas';
CVE-2020-13091|numfocus|pandas|||1.0.3|<=
Set the CVE_PRODUCT accodingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is only one relevant CVE in the database, but it is tracked using
svglib_project:svglib CPE, not the expected python:svglib CPE, making the
cve-checker miss it.
See CVE db query:
sqlite> select * from products where product like '%svglib%';
CVE-2020-10799|svglib_project|svglib|||0.9.3|<=
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The relevant CVEs for this recipe are tracked using webargs_project:webargs
CPE, which makes the default python:webargs CPE to miss CVEs.
See CVE db query:
sqlite> select * from products where product like '%webargs%';
CVE-2019-9710|webargs_project|webargs|||5.1.3|<
CVE-2020-7965|webargs_project|webargs|5.0.0|>=|5.5.2|<=
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The CVEs related to this project are tracked using the validators_project:validators
CPE, which doesn't match the default python:validators CPE.
See CVE db query:
sqlite> select * from products where product like 'validators';
CVE-2019-19588|validators_project|validators|0.12.2|>=|0.12.5|<=
CVE-2023-45813|validators_project|validators|0.11.0|=||
CVE-2023-45813|validators_project|validators|0.20.0|=||
Set the CVE_PRODUCT so it matches relevant entries.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The relevant CVEs to this recipe are tracked using reportlab:reportlab
CPE, which doesn't match the default python:reportlab CPE, so the cve-checker
misses CVEs.
See CVE db query:
sqlite> select * from products where product like '%reportlab%';
CVE-2019-17626|reportlab|reportlab|||3.5.26|<=|0
CVE-2019-19450|reportlab|reportlab|||3.5.31|<|0
CVE-2020-28463|reportlab|reportlab|-||||0
CVE-2023-33733|reportlab|reportlab|||3.6.12|<=|0
Set CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The CVEs for this recipes are tracked using the agendaless:waitress CPE,
which doesn't match the default python:waitress CPE, making the cve-checker
miss relevant CVEs.
See CVE db query:
sqlite> select * from products where PRODUCT like 'waitress';
CVE-2019-16785|agendaless|waitress|||1.3.1|<=
CVE-2019-16786|agendaless|waitress|||1.3.1|<
CVE-2019-16789|agendaless|waitress|||1.4.0|<=
CVE-2019-16792|agendaless|waitress|||1.3.1|<=
CVE-2020-5236|agendaless|waitress|1.4.2|=||
CVE-2022-24761|agendaless|waitress|||2.1.1|<
CVE-2022-31015|agendaless|waitress|2.1.0|>=|2.1.2|<
CVE-2024-49768|agendaless|waitress|2.0.0|>=|3.0.1|<
CVE-2024-49769|agendaless|waitress|||3.0.1|<
Set CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is one related CVE tracked by nist, using the parso_project:parso CPE,
which doesn't match the default python:parso CPE.
See CVE db query:
sqlite> select * from products where PRODUCT like 'parso';
CVE-2019-12760|parso_project|parso|||0.4.0|<=
Set the CVE_PRODUCT accordingly.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
|
