The default python:orjson CPE fails to match related CVEs, because NVD tracks them using ijl:orjson CPE. Set CVE_PRODUCT accordingly.
See CVE db query: sqlite> select * from products where product like '%orjson%'; CVE-2024-27454|ijl|orjson|||3.9.15|< Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-python/recipes-devtools/python/python3-orjson_3.10.17.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-orjson_3.10.17.bb b/meta-python/recipes-devtools/python/python3-orjson_3.10.17.bb index 7db76c9415..2209569aca 100644 --- a/meta-python/recipes-devtools/python/python3-orjson_3.10.17.bb +++ b/meta-python/recipes-devtools/python/python3-orjson_3.10.17.bb @@ -5,6 +5,8 @@ LIC_FILES_CHKSUM = "file://LICENSE-MIT;md5=b377b220f43d747efdec40d69fcaa69d" SRC_URI[sha256sum] = "28eeae6a15243966962b658dfcf7bae9e7bb1f3260dfcf0370dbd41f5ff6058b" +CVE_PRODUCT = "orjson" + require ${BPN}-crates.inc inherit pypi python_maturin cargo-update-recipe-crates
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123072): https://lists.openembedded.org/g/openembedded-devel/message/123072 Mute This Topic: https://lists.openembedded.org/mt/117009283/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
