]> git.ipfire.org Git - thirdparty/openembedded/openembedded-core-contrib.git/commitdiff
projects / thirdparty / openembedded / openembedded-core-contrib.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1036bec)
python3: add cpython to CVE_PRODUCT
authorChen Qi <Qi.Chen@windriver.com>
Wed, 27 Sep 2023 07:14:38 +0000 (00:14 -0700)
committerRichard Purdie <richard.purdie@linuxfoundation.org>
Thu, 28 Sep 2023 11:37:44 +0000 (12:37 +0100)
https://nvd.nist.gov/vuln/detail/CVE-2023-33595 uses 'cpython'.
Although it's currently the only one that uses cpython, let's add
cpython to CVE_PRODUCT, just in case.

Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
meta/recipes-devtools/python/python3_3.11.5.bb patch | blob | blame | history

diff --git a/meta/recipes-devtools/python/python3_3.11.5.bb b/meta/recipes-devtools/python/python3_3.11.5.bb
index 6c624c9d3d5c823c2aff41efccfaff0e37885f41..8e023c7dfb84ec270a020cab6a8631a460aab706 100644 (file)
--- a/meta/recipes-devtools/python/python3_3.11.5.bb
+++ b/meta/recipes-devtools/python/python3_3.11.5.bb
@@ -46,7 +46,7 @@ SRC_URI[sha256sum] = "85cd12e9cf1d6d5a45f17f7afe1cebe7ee628d3282281c492e86adf636
 UPSTREAM_CHECK_REGEX = "[Pp]ython-(?P<pver>\d+(\.\d+)+).tar"
 UPSTREAM_CHECK_URI = "https://www.python.org/downloads/source/"
 
-CVE_PRODUCT = "python"
+CVE_PRODUCT = "python cpython"
 
 CVE_STATUS[CVE-2007-4559] = "disputed: Upstream consider this expected behaviour"
 CVE_STATUS[CVE-2019-18348] = "not-applicable-config: This is not exploitable when glibc has CVE-2016-10739 fixed"
Mirror of git://git.openembedded.org/openembedded-core-contrib