Details: https://nvd.nist.gov/vuln/detail/CVE-2020-7694
The vulnerability was reported to the project[1], and the commit[2] that resolved the issue has been part of the project since version 0.11.7. Mark the CVE as patched due to this. [1]: https://github.com/Kludex/uvicorn/issues/723 [2]: https://github.com/Kludex/uvicorn/commit/895807f94ea9a8e588605c12076b7d7517cda503 Signed-off-by: Gyorgy Sarvari <[email protected]> --- meta-python/recipes-devtools/python/python3-uvicorn_0.40.0.bb | 1 + 1 file changed, 1 insertion(+) diff --git a/meta-python/recipes-devtools/python/python3-uvicorn_0.40.0.bb b/meta-python/recipes-devtools/python/python3-uvicorn_0.40.0.bb index 3013ff50d0..227202b8cc 100644 --- a/meta-python/recipes-devtools/python/python3-uvicorn_0.40.0.bb +++ b/meta-python/recipes-devtools/python/python3-uvicorn_0.40.0.bb @@ -12,6 +12,7 @@ inherit pypi python_hatchling ptest-python-pytest PYPI_PACKAGE = "uvicorn" CVE_PRODUCT = "encode:uvicorn" +CVE_STATUS[CVE-2020-7694] = "fixed-version: The vulnerability has been fixed since 0.11.7" RDEPENDS:${PN} = "\ python3-click \
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#123304): https://lists.openembedded.org/g/openembedded-devel/message/123304 Mute This Topic: https://lists.openembedded.org/mt/117175368/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-devel/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
