From 4fbf11954ab14ff77b6b475f744b9d744f31832a Mon Sep 17 00:00:00 2001
From: Gyorgy Sarvari <skandigraun@gmail.com>
Date: Wed, 31 Dec 2025 08:54:03 +0100
Subject: [PATCH] python3-pandas: set CVE_PRODUCT

Currently there is only one CVE associated with pandas, and it is tracked
using numfocus:pandas CPE by NIST instead of the default python:pandas from
pypi.bbclass.

See CVE db query:
sqlite> select * from products where product like 'pandas';
CVE-2020-13091|numfocus|pandas|||1.0.3|<=

Set the CVE_PRODUCT accodingly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
---
 meta-python/recipes-devtools/python/python3-pandas_2.2.3.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta-python/recipes-devtools/python/python3-pandas_2.2.3.bb b/meta-python/recipes-devtools/python/python3-pandas_2.2.3.bb
index 60cc01800f..91333d129d 100644
--- a/meta-python/recipes-devtools/python/python3-pandas_2.2.3.bb
+++ b/meta-python/recipes-devtools/python/python3-pandas_2.2.3.bb
@@ -15,6 +15,8 @@ SRC_URI:append:class-target = " file://0001-BLD-add-option-to-specify-numpy-head
 
 SRC_URI[sha256sum] = "4f18ba62b61d7e192368b84517265a99b4d7ee8912f8708660fb4a366cc82667"
 
+CVE_PRODUCT = "pandas"
+
 inherit pkgconfig pypi python_mesonpy cython
 
 DEPENDS += " \