From 139cc15de304918edc0197346579162b12006faa Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Tue, 30 Dec 2025 13:24:45 +0100 Subject: [PATCH] python3-tornado: set CVE_PRODUCT The default "python:tornado" CVE_PRODUCT doesn't match relevant CVEs, because the project's CPE is "tornadoweb:tornado". See cve db query (docmosis is an irrelevant vendor): sqlite> select * from products where PRODUCT = 'tornado'; CVE-2012-2374|tornadoweb|tornado|||2.2|<= CVE-2012-2374|tornadoweb|tornado|1.0|=|| CVE-2012-2374|tornadoweb|tornado|1.0.1|=|| CVE-2012-2374|tornadoweb|tornado|1.1|=|| CVE-2012-2374|tornadoweb|tornado|1.1.1|=|| CVE-2012-2374|tornadoweb|tornado|1.2|=|| CVE-2012-2374|tornadoweb|tornado|1.2.1|=|| CVE-2012-2374|tornadoweb|tornado|2.0|=|| CVE-2012-2374|tornadoweb|tornado|2.1|=|| CVE-2012-2374|tornadoweb|tornado|2.1.1|=|| CVE-2014-9720|tornadoweb|tornado|||3.2.2|< CVE-2023-25264|docmosis|tornado|||2.9.5|< CVE-2023-25265|docmosis|tornado|||2.9.5|< CVE-2023-25266|docmosis|tornado|||2.9.5|< CVE-2023-28370|tornadoweb|tornado|||6.3.2|< CVE-2024-42733|docmosis|tornado|||2.9.7|<= CVE-2024-52804|tornadoweb|tornado|||6.4.2|< CVE-2025-47287|tornadoweb|tornado|||6.5.0|< CVE-2025-67724|tornadoweb|tornado|||6.5.3|< CVE-2025-67725|tornadoweb|tornado|||6.5.3|< CVE-2025-67726|tornadoweb|tornado|||6.5.3|< Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --- meta-python/recipes-devtools/python/python3-tornado_6.5.4.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-tornado_6.5.4.bb b/meta-python/recipes-devtools/python/python3-tornado_6.5.4.bb index 9b43d98e1c..661ec039ce 100644 --- a/meta-python/recipes-devtools/python/python3-tornado_6.5.4.bb +++ b/meta-python/recipes-devtools/python/python3-tornado_6.5.4.bb @@ -38,4 +38,6 @@ FILES:${PN}-test = " \ ${PYTHON_SITEPACKAGES_DIR}/*/test \ " +CVE_PRODUCT = "tornadoweb:tornado" + BBCLASSEXTEND += "native nativesdk"