From: "mark.yang" <[email protected]> NVD registers ply as dabeaz:ply, so the default python:ply vendor prefix never matches and no CVEs are reported. Use the exact vendor:product pair.
CVE-2025-56005 will then show as unpatched; no fixed release exists. Suggested-by: Paul Barker <[email protected]> Signed-off-by: mark.yang <[email protected]> --- v2: use exact vendor:product pair; drop CVE_STATUS meta/recipes-devtools/python/python3-ply_3.11.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/python/python3-ply_3.11.bb b/meta/recipes-devtools/python/python3-ply_3.11.bb index 2c5fa3f215..06393ac4fe 100644 --- a/meta/recipes-devtools/python/python3-ply_3.11.bb +++ b/meta/recipes-devtools/python/python3-ply_3.11.bb @@ -14,4 +14,6 @@ RDEPENDS:${PN}:class-target += "\ python3-shell \ " +CVE_PRODUCT = "dabeaz:ply" + BBCLASSEXTEND = "native nativesdk"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#240855): https://lists.openembedded.org/g/openembedded-core/message/240855 Mute This Topic: https://lists.openembedded.org/mt/120259065/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
