From 49cf55619b0a3df2e41b7332ba4cb7e92ad2f272 Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Thu, 5 Feb 2026 07:59:40 +0100
Subject: python3-m2crypto: ignore CVE-2009-0127

Details: https://nvd.nist.gov/vuln/detail/CVE-2009-0127

The vulnerability is disputed[1] by upstream:
"There is no vulnerability in M2Crypto. Nowhere in the functions
are the return values of OpenSSL functions interpreted incorrectly.
The functions provide an interface to their users that may be
considered confusing, but is not incorrect, nor it is a vulnerability."

[1]: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2009-0127

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
(cherry picked from commit b46a5452a1c1a417f2971e494e151fa1f4022e36)
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Anuj Mittal <anuj.mittal@oss.qualcomm.com>
---
 meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'meta-python/recipes-devtools/python')

diff --git a/meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb b/meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb
index 9aac7b344f..efb6c79fa7 100644
--- a/meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb
+++ b/meta-python/recipes-devtools/python/python3-m2crypto_0.46.2.bb
@@ -12,6 +12,8 @@ SRC_URI += " \
           file://0002-fix-correct-struct-packing-on-32-bit-with-_TIME_BITS.patch \
 "
 
+CVE_STATUS[CVE-2009-0127] = "disputed: upstream claims there is no bug"
+
 inherit pypi siteinfo python_setuptools_build_meta
 
 DEPENDS += "openssl swig-native"
-- 
cgit v1.2.3-54-g00ecf