From f04728af2866cf51fac499bd40417b04200e4b0d Mon Sep 17 00:00:00 2001 From: Gyorgy Sarvari Date: Wed, 31 Dec 2025 08:54:09 +0100 Subject: [PATCH] python3-aiohttp: set CVE_PRODUCT The related CVEs are tracked using aiohttp:aiohttp CPE, so the default python:aiohttp CPE doesn't match relevant CVEs. Set the CVE_PRODUCT accordingly. See CVE db query: sqlite> select * from products where product like 'aiohttp'; CVE-2021-21330|aiohttp|aiohttp|||3.7.4|< CVE-2022-33124|aiohttp|aiohttp|3.8.1|=|| CVE-2023-37276|aiohttp|aiohttp|||3.8.4|<= CVE-2023-47627|aiohttp|aiohttp|||3.8.6|< CVE-2023-47641|aiohttp|aiohttp|||3.8.0|< CVE-2023-49081|aiohttp|aiohttp|||3.9.0|< CVE-2023-49082|aiohttp|aiohttp|||3.9.0|< CVE-2024-23334|aiohttp|aiohttp|1.0.5|>=|3.9.2|< CVE-2024-23829|aiohttp|aiohttp|||3.9.2|< CVE-2024-27306|aiohttp|aiohttp|||3.9.4|< CVE-2024-30251|aiohttp|aiohttp|||3.9.4|< CVE-2024-42367|aiohttp|aiohttp|3.10.0|>=|3.10.2|< CVE-2024-52303|aiohttp|aiohttp|3.10.6|>=|3.10.11|< CVE-2024-52304|aiohttp|aiohttp|||3.10.11|< CVE-2025-53643|aiohttp|aiohttp|||3.12.14|< Signed-off-by: Gyorgy Sarvari Signed-off-by: Khem Raj --- meta-python/recipes-devtools/python/python3-aiohttp_3.13.2.bb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/meta-python/recipes-devtools/python/python3-aiohttp_3.13.2.bb b/meta-python/recipes-devtools/python/python3-aiohttp_3.13.2.bb index e249f99860..df5d674a3d 100644 --- a/meta-python/recipes-devtools/python/python3-aiohttp_3.13.2.bb +++ b/meta-python/recipes-devtools/python/python3-aiohttp_3.13.2.bb @@ -6,6 +6,8 @@ LIC_FILES_CHKSUM = "file://LICENSE.txt;md5=748073912af33aa59430d3702aa32d41" SRC_URI[sha256sum] = "40176a52c186aefef6eb3cad2cdd30cd06e3afbe88fe8ab2af9c0b90f228daca" +CVE_PRODUCT = "aiohttp" + inherit python_setuptools_build_meta pypi DEPENDS = "python3-pkgconfig-native"