Set correct CVE_PRODUCT for paramiko. The default python:paramiko value doesn't match CVEs, because the product has its own set of CPEs associated with CVEs.
See CVE db query: sqlite> select * from products where PRODUCT = 'paramiko'; CVE-2008-0299|python_software_foundation|paramiko|1.7.1|=|| CVE-2018-1000805|paramiko|paramiko|1.17.6|=|| CVE-2018-1000805|paramiko|paramiko|1.18.5|=|| CVE-2018-1000805|paramiko|paramiko|2.0.8|=|| CVE-2018-1000805|paramiko|paramiko|2.1.5|=|| CVE-2018-1000805|paramiko|paramiko|2.2.3|=|| CVE-2018-1000805|paramiko|paramiko|2.3.2|=|| CVE-2018-1000805|paramiko|paramiko|2.4.1|=|| CVE-2018-7750|paramiko|paramiko|||1.17.6|< CVE-2018-7750|paramiko|paramiko|1.18.0|>=|1.18.5|< CVE-2018-7750|paramiko|paramiko|2.0.0|>=|2.0.8|< CVE-2018-7750|paramiko|paramiko|2.1.0|>=|2.1.5|< CVE-2018-7750|paramiko|paramiko|2.2.0|>=|2.2.3|< CVE-2018-7750|paramiko|paramiko|2.3.0|>=|2.3.2|< CVE-2018-7750|paramiko|paramiko|2.4.0|=|| CVE-2022-24302|paramiko|paramiko|||2.10.1|< CVE-2023-48795|paramiko|paramiko|||3.4.0|< Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-python/recipes-devtools/python/python3-paramiko_3.5.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-paramiko_3.5.1.bb b/meta-python/recipes-devtools/python/python3-paramiko_3.5.1.bb index a69ed72804..daf6386888 100644 --- a/meta-python/recipes-devtools/python/python3-paramiko_3.5.1.bb +++ b/meta-python/recipes-devtools/python/python3-paramiko_3.5.1.bb @@ -18,3 +18,5 @@ RDEPENDS:${PN} += " \ python3-pynacl \ python3-unixadmin \ " + +CVE_PRODUCT = "paramiko:paramiko python_software_foundation:paramiko"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123008): https://lists.openembedded.org/g/openembedded-devel/message/123008 Mute This Topic: https://lists.openembedded.org/mt/116996765/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
