Details: https://nvd.nist.gov/vuln/detail/CVE-2025-45768
The CVE is disputed: though the vulnerability is there, but it comes from incorrect configuration of the library by the main application. Due to this, ignore this CVE. Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb b/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb index d23347878e..3954c526f5 100644 --- a/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb +++ b/meta-python/recipes-devtools/python/python3-pyjwt_2.10.1.bb @@ -8,6 +8,8 @@ LIC_FILES_CHKSUM = "file://LICENSE;md5=e4b56d2c9973d8cf54655555be06e551" SRC_URI[sha256sum] = "3cc5772eb20009233caf06e9d8a0577824723b44e6648ee0a2aedb6cf9381953" PYPI_PACKAGE = "pyjwt" +CVE_STATUS[CVE-2025-45768] = "disputed: vulnerability can be avoided if the library is used correctly" + inherit pypi python_setuptools_build_meta RDEPENDS:${PN} = "\
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#124187): https://lists.openembedded.org/g/openembedded-devel/message/124187 Mute This Topic: https://lists.openembedded.org/mt/117649902/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
