[oe] [meta-python][PATCH 03/10] python3-sqlalchemy: set CVE_PRODUCT

Tue, 30 Dec 2025 04:33:41 -0800 

The default python:sqlalchemy CPE fails to match CVEs, because the CVEs
are associated with sqlalchemy:sqlalchemy CPE.

See CVE db query:
sqlite> select * from products where PRODUCT = 'sqlalchemy';
CVE-2012-0805|sqlalchemy|sqlalchemy|||0.7.0|<=
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta1|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta2|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta3|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.1|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.2|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.3|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.4|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.5|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.6|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.7|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.7.0_b1|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.7.0_b2|=||
CVE-2019-7164|sqlalchemy|sqlalchemy|||1.2.17|<=
CVE-2019-7164|sqlalchemy|sqlalchemy|1.3.0_beta1|=||
CVE-2019-7164|sqlalchemy|sqlalchemy|1.3.0_beta2|=||
CVE-2019-7548|sqlalchemy|sqlalchemy|1.2.17|=||

Set the CVE_PRODUCT accordingly.

Signed-off-by: Gyorgy Sarvari <[email protected]>
---
 .../recipes-devtools/python/python3-sqlalchemy_2.0.45.bb        | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-python/recipes-devtools/python/python3-sqlalchemy_2.0.45.bb 
b/meta-python/recipes-devtools/python/python3-sqlalchemy_2.0.45.bb
index 6c6b95ceaa..f7d8f383f2 100644
--- a/meta-python/recipes-devtools/python/python3-sqlalchemy_2.0.45.bb
+++ b/meta-python/recipes-devtools/python/python3-sqlalchemy_2.0.45.bb
@@ -21,4 +21,6 @@ RDEPENDS:${PN} += " \
     python3-typing-extensions \
 "
 
+CVE_PRODUCT = "sqlalchemy"
+
 BBCLASSEXTEND = "native nativesdk"

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#123009): 
https://lists.openembedded.org/g/openembedded-devel/message/123009
Mute This Topic: https://lists.openembedded.org/mt/116996766/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to