From: Gyorgy Sarvari <[email protected]>

Set correct CVE_PRODUCT - the default ${PN} value doesn't match relevant
CVEs.

See CVE query (n8n vendor is not relevant):
sqlite> select * from products where product like '%pydantic%';
CVE-2021-29510|pydantic|pydantic|||1.6.2|<
CVE-2021-29510|pydantic|pydantic|1.7|>=|1.7.4|<
CVE-2021-29510|pydantic|pydantic|1.8|>=|1.8.2|<
CVE-2024-3772|pydantic|pydantic|||1.10.13|<
CVE-2024-3772|pydantic|pydantic|2.0|>=|2.4.0|<
CVE-2025-55526|n8n|pydantic|2.11.7|=||

Signed-off-by: Gyorgy Sarvari <[email protected]>
Signed-off-by: Khem Raj <[email protected]>
(cherry picked from commit b4fd4a6217cc94bece31ac662815a13343888ee6)
Signed-off-by: Himanshu Jadon <[email protected]>
---
 meta-python/recipes-devtools/python/python3-pydantic_2.7.4.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-python/recipes-devtools/python/python3-pydantic_2.7.4.bb 
b/meta-python/recipes-devtools/python/python3-pydantic_2.7.4.bb
index 04c9c91c0e..5c8d513317 100644
--- a/meta-python/recipes-devtools/python/python3-pydantic_2.7.4.bb
+++ b/meta-python/recipes-devtools/python/python3-pydantic_2.7.4.bb
@@ -15,6 +15,8 @@ SRC_URI[sha256sum] = 
"0c84efd9548d545f63ac0060c1e4d39bb9b14db8b3c0652338aecc07b5
 
 DEPENDS += "python3-hatch-fancy-pypi-readme-native"
 
+CVE_PRODUCT = "pydantic:pydantic"
+
 RDEPENDS:${PN} += "\
     python3-annotated-types \
     python3-core \
-- 
2.44.1

-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#127364): 
https://lists.openembedded.org/g/openembedded-devel/message/127364
Mute This Topic: https://lists.openembedded.org/mt/119613103/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to