The related CVEs are tracked using aiohttp:aiohttp CPE, so the default python:aiohttp CPE doesn't match relevant CVEs.
Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'aiohttp'; CVE-2021-21330|aiohttp|aiohttp|||3.7.4|< CVE-2022-33124|aiohttp|aiohttp|3.8.1|=|| CVE-2023-37276|aiohttp|aiohttp|||3.8.4|<= CVE-2023-47627|aiohttp|aiohttp|||3.8.6|< CVE-2023-47641|aiohttp|aiohttp|||3.8.0|< CVE-2023-49081|aiohttp|aiohttp|||3.9.0|< CVE-2023-49082|aiohttp|aiohttp|||3.9.0|< CVE-2024-23334|aiohttp|aiohttp|1.0.5|>=|3.9.2|< CVE-2024-23829|aiohttp|aiohttp|||3.9.2|< CVE-2024-27306|aiohttp|aiohttp|||3.9.4|< CVE-2024-30251|aiohttp|aiohttp|||3.9.4|< CVE-2024-42367|aiohttp|aiohttp|3.10.0|>=|3.10.2|< CVE-2024-52303|aiohttp|aiohttp|3.10.6|>=|3.10.11|< CVE-2024-52304|aiohttp|aiohttp|||3.10.11|< CVE-2025-53643|aiohttp|aiohttp|||3.12.14|< Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-python/recipes-devtools/python/python3-aiohttp_3.13.2.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-aiohttp_3.13.2.bb b/meta-python/recipes-devtools/python/python3-aiohttp_3.13.2.bb index e249f99860..df5d674a3d 100644 --- a/meta-python/recipes-devtools/python/python3-aiohttp_3.13.2.bb +++ b/meta-python/recipes-devtools/python/python3-aiohttp_3.13.2.bb @@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=748073912af33aa59430d3702aa32d41" SRC_URI[sha256sum] = "40176a52c186aefef6eb3cad2cdd30cd06e3afbe88fe8ab2af9c0b90f228daca" +CVE_PRODUCT = "aiohttp" + inherit python_setuptools_build_meta pypi DEPENDS = "python3-pkgconfig-native"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123047): https://lists.openembedded.org/g/openembedded-devel/message/123047 Mute This Topic: https://lists.openembedded.org/mt/117009247/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
