The CVEs for this recipes are tracked using the agendaless:waitress CPE, which doesn't match the default python:waitress CPE, making the cve-checker miss relevant CVEs.
See CVE db query: sqlite> select * from products where PRODUCT like 'waitress'; CVE-2019-16785|agendaless|waitress|||1.3.1|<= CVE-2019-16786|agendaless|waitress|||1.3.1|< CVE-2019-16789|agendaless|waitress|||1.4.0|<= CVE-2019-16792|agendaless|waitress|||1.3.1|<= CVE-2020-5236|agendaless|waitress|1.4.2|=|| CVE-2022-24761|agendaless|waitress|||2.1.1|< CVE-2022-31015|agendaless|waitress|2.1.0|>=|2.1.2|< CVE-2024-49768|agendaless|waitress|2.0.0|>=|3.0.1|< CVE-2024-49769|agendaless|waitress|||3.0.1|< Set CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-python/recipes-devtools/python/python3-waitress_3.0.2.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-waitress_3.0.2.bb b/meta-python/recipes-devtools/python/python3-waitress_3.0.2.bb index b8e90807cf..c495132c59 100644 --- a/meta-python/recipes-devtools/python/python3-waitress_3.0.2.bb +++ b/meta-python/recipes-devtools/python/python3-waitress_3.0.2.bb @@ -6,6 +6,8 @@ SECTION = "devel/python" LICENSE = "ZPL-2.1" LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=78ccb3640dc841e1baecb3e27a6966b2" +CVE_PRODUCT = "waitress" + RDEPENDS:${PN} += " \ python3-logging \ "
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123031): https://lists.openembedded.org/g/openembedded-devel/message/123031 Mute This Topic: https://lists.openembedded.org/mt/116999119/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
