From 49ced801223b8f55112aea38cce14ba1cc64de03 Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Tue, 30 Dec 2025 13:24:47 +0100 Subject: [PATCH] python3-sqlalchemy: set CVE_PRODUCT The default python:sqlalchemy CPE fails to match CVEs, because the CVEs are associated with sqlalchemy:sqlalchemy CPE. See CVE db query: sqlite> select * from products where PRODUCT = 'sqlalchemy'; CVE-2012-0805|sqlalchemy|sqlalchemy|||0.7.0|<= CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta1|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta2|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta3|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.1|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.2|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.3|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.4|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.5|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.6|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.7|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.7.0_b1|=|| CVE-2012-0805|sqlalchemy|sqlalchemy|0.7.0_b2|=|| CVE-2019-7164|sqlalchemy|sqlalchemy|||1.2.17|<= CVE-2019-7164|sqlalchemy|sqlalchemy|1.3.0_beta1|=|| CVE-2019-7164|sqlalchemy|sqlalchemy|1.3.0_beta2|=|| CVE-2019-7548|sqlalchemy|sqlalchemy|1.2.17|=|| Set the CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --- .../recipes-devtools/python/python3-sqlalchemy_2.0.45.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-sqlalchemy_2.0.45.bb b/meta-python/recipes-devtools/python/python3-sqlalchemy_2.0.45.bb index 6c6b95ceaa..f7d8f383f2 100644 --- a/meta-python/recipes-devtools/python/python3-sqlalchemy_2.0.45.bb +++ b/meta-python/recipes-devtools/python/python3-sqlalchemy_2.0.45.bb @@ -21,4 +21,6 @@ RDEPENDS:${PN} += " \ python3-typing-extensions \ " +CVE_PRODUCT = "sqlalchemy" + BBCLASSEXTEND = "native nativesdk"