From: Peter Marko <peter.marko@siemens.com>
Date: Sun, 26 Apr 2026 12:02:53 +0000 (+0200)
Subject: python3-requests: set status for CVE-2024-47081
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=19ffb4d9d759ff100f92f20770f3b68eecc289a7;p=thirdparty%2Fopenembedded%2Fopenembedded-core.git

python3-requests: set status for CVE-2024-47081

NVD [1] does not have CPE set.
Debian [2] shows comit from v2.32.4 as fix.

cvelistV5 [3] also says "< 2.32.4" however for cpe psf:requests.
Not sure why this is shown in CVE metrics.

[1] https://nvd.nist.gov/vuln/detail/CVE-2024-47081
[2] https://security-tracker.debian.org/tracker/CVE-2024-47081
[3] https://github.com/CVEProject/cvelistV5/blob/main/cves/2024/47xxx/CVE-2024-47081.json

Signed-off-by: Peter Marko <peter.marko@siemens.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
---

diff --git a/meta/recipes-devtools/python/python3-requests_2.32.5.bb b/meta/recipes-devtools/python/python3-requests_2.32.5.bb
index afcf1a99b3..3477a5d83e 100644
--- a/meta/recipes-devtools/python/python3-requests_2.32.5.bb
+++ b/meta/recipes-devtools/python/python3-requests_2.32.5.bb
@@ -34,3 +34,4 @@ CVE_PRODUCT = "requests"
 BBCLASSEXTEND = "native nativesdk"
 
 CVE_STATUS[CVE-2024-35195] = "fixed-version: fixed since 2.32.0"
+CVE_STATUS[CVE-2024-47081] = "fixed-version: fixed since 2.32.4"