The relevant CVEs are tracked using palletsprojects:werkzeug CPE, which makes the the default python:werkzeug CPE to not match anything.
See CVE db query: sqlite> select * from products where PRODUCT like 'werkzeug'; CVE-2016-10516|palletsprojects|werkzeug|||0.11.11|< CVE-2019-14322|palletsprojects|werkzeug|||0.15.5|< CVE-2019-14806|palletsprojects|werkzeug|||0.15.3|< CVE-2020-28724|palletsprojects|werkzeug|||0.11.6|< CVE-2022-29361|palletsprojects|werkzeug|||2.1.0|<= CVE-2023-23934|palletsprojects|werkzeug|||2.2.3|< CVE-2023-25577|palletsprojects|werkzeug|||2.2.3|< CVE-2023-46136|palletsprojects|werkzeug|||2.3.8|< CVE-2023-46136|palletsprojects|werkzeug|3.0.0|=|| CVE-2024-34069|palletsprojects|werkzeug|||3.0.3|< CVE-2024-49766|palletsprojects|werkzeug|||3.0.6|< CVE-2024-49767|palletsprojects|werkzeug|||3.0.6|< CVE-2025-66221|palletsprojects|werkzeug|||3.1.4|< Set the CVE_PRODUCT so it matches the relevant entries. Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb b/meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb index 2cfb5864b1..0886dbfef1 100644 --- a/meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb +++ b/meta-python/recipes-devtools/python/python3-werkzeug_3.1.4.bb @@ -12,6 +12,8 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=5dc88300786f1c214c1e9827a5229462" SRC_URI[sha256sum] = "cd3cd98b1b92dc3b7b3995038826c68097dcb16f9baa63abe35f20eafeb9fe5e" +CVE_PRODUCT = "werkzeug" + inherit pypi python_flit_core RDEPENDS:${PN} += " \
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123023): https://lists.openembedded.org/g/openembedded-devel/message/123023 Mute This Topic: https://lists.openembedded.org/mt/116998043/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
