The relevant CVEs are tracked using pyjwt_project:pyjwt CPE, so the defauly python:pyjwt CPE doesn't match them.
See CVE db query: sqlite> select * from products where PRODUCT like '%pyjwt%'; CVE-2017-11424|pyjwt_project|pyjwt|||1.5.0|<= CVE-2022-29217|pyjwt_project|pyjwt|1.5.0|>=|2.4.0|< CVE-2024-53861|pyjwt_project|pyjwt|2.10.0|=|| CVE-2025-45768|pyjwt_project|pyjwt|2.10.1|=|| Set the CVE_PRODUCT so it matches relevant CVEs. Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb b/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb index d23347878e..37675f1b63 100644 --- a/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb +++ b/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb @@ -8,6 +8,7 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e4b56d2c9973d8cf54655555be06e551" SRC_URI[sha256sum] = "3cc5772eb20009233caf06e9d8a0577824723b44e6648ee0a2aedb6cf9381953" PYPI_PACKAGE = "pyjwt" +CVE_PRODUCT = "pyjwt" inherit pypi python_setuptools_build_meta RDEPENDS:${PN} = "\
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123025): https://lists.openembedded.org/g/openembedded-devel/message/123025 Mute This Topic: https://lists.openembedded.org/mt/116998045/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
