The relevant CVEs are tracked with joblib_project:joblib CPE, and the default python:joblib CPE doesn't match this. Set the CVE_PRODUCT accordingly.
See CVE db query: sqlite> select * from products where product like '%joblib%'; CVE-2022-21797|joblib_project|joblib|||1.1.1|< CVE-2024-34997|joblib_project|joblib|1.4.2|=|| Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-python/recipes-devtools/python/python3-joblib_1.5.3.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-joblib_1.5.3.bb b/meta-python/recipes-devtools/python/python3-joblib_1.5.3.bb index 3dd1b57aaa..46b89ba267 100644 --- a/meta-python/recipes-devtools/python/python3-joblib_1.5.3.bb +++ b/meta-python/recipes-devtools/python/python3-joblib_1.5.3.bb @@ -6,6 +6,8 @@ inherit python_setuptools_build_meta pypi SRC_URI[sha256sum] = "8561a3269e6801106863fd0d6d84bb737be9e7631e33aaed3fb9ce5953688da3" +CVE_PRODUCT = "joblib" + RDEPENDS:${PN} += " \ python3-asyncio \ python3-json \
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123061): https://lists.openembedded.org/g/openembedded-devel/message/123061 Mute This Topic: https://lists.openembedded.org/mt/117009262/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
