From: Peter Marko <[email protected]> NVD [1] does not have CPE set. Debian [2] shows comit from v2.32.0 as fix.
cvelistV5 [3] also says "< 2.32.0", posibly "defaultStatus": "unknown" is causing it to appear in CVE metrics... [1] https://nvd.nist.gov/vuln/detail/CVE-2024-35195 [2] https://security-tracker.debian.org/tracker/CVE-2024-35195 [3] https://github.com/CVEProject/cvelistV5/blob/main/cves/2024/35xxx/CVE-2024-35195.json Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit 7cef5ee0b5ce16c7dfbb836c95f41a0b7c5a82eb) Signed-off-by: Yoann Congal <[email protected]> --- meta/recipes-devtools/python/python3-requests_2.32.5.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta/recipes-devtools/python/python3-requests_2.32.5.bb b/meta/recipes-devtools/python/python3-requests_2.32.5.bb index 0eb9765b633..afcf1a99b36 100644 --- a/meta/recipes-devtools/python/python3-requests_2.32.5.bb +++ b/meta/recipes-devtools/python/python3-requests_2.32.5.bb @@ -32,3 +32,5 @@ FILES:${PN}:append:class-nativesdk = " ${SDKPATHNATIVE}/environment-setup.d/pyth CVE_PRODUCT = "requests" BBCLASSEXTEND = "native nativesdk" + +CVE_STATUS[CVE-2024-35195] = "fixed-version: fixed since 2.32.0"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#236654): https://lists.openembedded.org/g/openembedded-core/message/236654 Mute This Topic: https://lists.openembedded.org/mt/119210611/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
