From 0febf2f87d3c2c839bcf08b78c9bf7029a738794 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Tue, 21 Apr 2026 04:17:51 -0700
Subject: python3-tornado: set CVE_PRODUCT

The default "python:tornado" CVE_PRODUCT doesn't match relevant CVEs, because
the project's CPE is "tornadoweb:tornado".

See cve db query (docmosis is an irrelevant vendor):

sqlite> select * from products where PRODUCT = 'tornado';
CVE-2012-2374|tornadoweb|tornado|||2.2|<=
CVE-2012-2374|tornadoweb|tornado|1.0|=||
CVE-2012-2374|tornadoweb|tornado|1.0.1|=||
CVE-2012-2374|tornadoweb|tornado|1.1|=||
CVE-2012-2374|tornadoweb|tornado|1.1.1|=||
CVE-2012-2374|tornadoweb|tornado|1.2|=||
CVE-2012-2374|tornadoweb|tornado|1.2.1|=||
CVE-2012-2374|tornadoweb|tornado|2.0|=||
CVE-2012-2374|tornadoweb|tornado|2.1|=||
CVE-2012-2374|tornadoweb|tornado|2.1.1|=||
CVE-2014-9720|tornadoweb|tornado|||3.2.2|<
CVE-2023-25264|docmosis|tornado|||2.9.5|<
CVE-2023-25265|docmosis|tornado|||2.9.5|<
CVE-2023-25266|docmosis|tornado|||2.9.5|<
CVE-2023-28370|tornadoweb|tornado|||6.3.2|<
CVE-2024-42733|docmosis|tornado|||2.9.7|<=
CVE-2024-52804|tornadoweb|tornado|||6.4.2|<
CVE-2025-47287|tornadoweb|tornado|||6.5.0|<
CVE-2025-67724|tornadoweb|tornado|||6.5.3|<
CVE-2025-67725|tornadoweb|tornado|||6.5.3|<
CVE-2025-67726|tornadoweb|tornado|||6.5.3|<

Set the CVE_PRODUCT accordingly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit 139cc15de304918edc0197346579162b12006faa)
Signed-off-by: Himanshu Jadon <hjadon@cisco.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-python/recipes-devtools/python/python3-tornado_6.4.2.bb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'meta-python/recipes-devtools/python')

diff --git a/meta-python/recipes-devtools/python/python3-tornado_6.4.2.bb b/meta-python/recipes-devtools/python/python3-tornado_6.4.2.bb
index 25f1b2a310..f513679b62 100644
--- a/meta-python/recipes-devtools/python/python3-tornado_6.4.2.bb
+++ b/meta-python/recipes-devtools/python/python3-tornado_6.4.2.bb
@@ -44,4 +44,6 @@ FILES:${PN}-test = " \
     ${PYTHON_SITEPACKAGES_DIR}/*/test \
 "
 
+CVE_PRODUCT = "tornadoweb:tornado"
+
 BBCLASSEXTEND  += "native nativesdk"
-- 
cgit v1.2.3-54-g00ecf