From: Peter Marko <[email protected]> NVD [1] does not have CPE set. Debian [2] shows comit from v2.32.4 as fix.
cvelistV5 [3] also says "< 2.32.4" however for cpe psf:requests. Not sure why this is shown in CVE metrics. [1] https://nvd.nist.gov/vuln/detail/CVE-2024-47081 [2] https://security-tracker.debian.org/tracker/CVE-2024-47081 [3] https://github.com/CVEProject/cvelistV5/blob/main/cves/2024/47xxx/CVE-2024-47081.json Signed-off-by: Peter Marko <[email protected]> Signed-off-by: Richard Purdie <[email protected]> (cherry picked from commit 19ffb4d9d759ff100f92f20770f3b68eecc289a7) Signed-off-by: Yoann Congal <[email protected]> --- meta/recipes-devtools/python/python3-requests_2.32.5.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta/recipes-devtools/python/python3-requests_2.32.5.bb b/meta/recipes-devtools/python/python3-requests_2.32.5.bb index afcf1a99b36..3477a5d83e9 100644 --- a/meta/recipes-devtools/python/python3-requests_2.32.5.bb +++ b/meta/recipes-devtools/python/python3-requests_2.32.5.bb @@ -34,3 +34,4 @@ CVE_PRODUCT = "requests" BBCLASSEXTEND = "native nativesdk" CVE_STATUS[CVE-2024-35195] = "fixed-version: fixed since 2.32.0" +CVE_STATUS[CVE-2024-47081] = "fixed-version: fixed since 2.32.4"
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#236655): https://lists.openembedded.org/g/openembedded-core/message/236655 Mute This Topic: https://lists.openembedded.org/mt/119210612/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
