git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commit
python3: update CVE product
author Peter Marko <peter.marko@siemens.com>
Wed, 9 Jul 2025 18:54:09 +0000 (20:54 +0200)
committer Steve Sakoman <steve@sakoman.com>
Mon, 14 Jul 2025 16:04:59 +0000 (09:04 -0700)
commit 06f615e6939a22bc8f12b30d8dea582ab3ccebe6
tree 01bf067aaab98a241c80e4312aa347a81e31645b
parent 691b74a5d019752428adc81b114fb4458ece1ebe
python3: update CVE product

There are two "new" CVEs reported for python3, their CPEs are:
* CVE-2020-1171: cpe:2.3:a:microsoft:python:*:*:*:*:*:visual_studio_code:*:* (< 2020.5.0)
* CVE-2020-1192: cpe:2.3:a:microsoft:python:*:*:*:*:*:visual_studio_code:*:* (< 2020.5.0)
These are for "Visual Studio Code Python extension".

Solve this by adding CVE vendor to python CVE product to avoid
confusion with Microsoft as vendor.

Examining CVE DB for historical python entries shows:
sqlite> select vendor, product, count(*) from products where product = 'python' or product = 'cpython'
   ...> or product like 'python%3' group by vendor, product;
microsoft|python|2
python|python|1054
python_software_foundation|python|2

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Steve Sakoman <steve@sakoman.com>
meta/recipes-devtools/python/python3_3.10.18.bb
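
The vendor confusion described in the commit message, as an added example that is not part of the commit or of the cve-check code: it parses CPE 2.3 strings and matches them against a CVE_PRODUCT-style value with and without a vendor qualifier. The two spec strings passed in the comments and the CVE-EXAMPLE entries are assumptions made for illustration; the recipe's actual CVE_PRODUCT value is not shown on this page.

```python
import re

# The two Microsoft CPEs are quoted in the commit message; the CVE-EXAMPLE
# entries are constructed, using vendor names from the sqlite output above.
SAMPLE_CPES = {
    "CVE-2020-1171": "cpe:2.3:a:microsoft:python:*:*:*:*:*:visual_studio_code:*:*",
    "CVE-2020-1192": "cpe:2.3:a:microsoft:python:*:*:*:*:*:visual_studio_code:*:*",
    "CVE-EXAMPLE-0001": "cpe:2.3:a:python:python:3.10.0:*:*:*:*:*:*:*",
    "CVE-EXAMPLE-0002": "cpe:2.3:a:python_software_foundation:python:*:*:*:*:*:*:*:*",
}


def parse_cpe23(cpe):
    """Return (vendor, product) from a CPE 2.3 formatted string."""
    # Split on ':' unless it is backslash-escaped inside a component.
    parts = re.split(r"(?<!\\):", cpe)
    if len(parts) != 13 or parts[0] != "cpe" or parts[1] != "2.3":
        raise ValueError(f"not a CPE 2.3 formatted string: {cpe!r}")
    return parts[3], parts[4]


def parse_cve_product(spec):
    """Split a space-separated spec into (vendor or None, product) pairs."""
    entries = []
    for item in spec.split():
        vendor, sep, product = item.partition(":")
        # A bare product name carries no vendor and therefore matches any vendor.
        entries.append((vendor, product) if sep else (None, item))
    return entries


def matching_cves(spec, cpes=SAMPLE_CPES):
    """Return the sorted CVE ids whose CPE vendor/product matches the spec."""
    entries = parse_cve_product(spec)
    hits = []
    for cve, cpe in cpes.items():
        vendor, product = parse_cpe23(cpe)
        if any(p == product and v in (None, vendor) for v, p in entries):
            hits.append(cve)
    return sorted(hits)


if __name__ == "__main__":
    # Unqualified product: the Visual Studio Code extension CVEs are reported too.
    print(matching_cves("python"))
    # Vendor-qualified (hypothetical value): only the interpreter's vendors match.
    print(matching_cves("python:python python_software_foundation:python"))
```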