36609 Commits

Author SHA1 Message Date
Khem Raj
4b15219e8c
python3-bleak: Add missing rdep on bumble module for ptests
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 23:54:04 -08:00
Khem Raj
f24f6b1fd2
ptest-packagelists-meta-python: Add python3-bumble and python3-pyee
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 23:54:04 -08:00
Khem Raj
7a8cb46c94
python3-bumble: Add recipe
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 23:54:04 -08:00
Khem Raj
61465d77d9
python3-pyee: Add recipe
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 23:54:00 -08:00
Gyorgy Sarvari
f6ebff3e1c
python3-svglib: set CVE_PRODUCT
There is only one relevant CVE in the database, but it is tracked using
svglib_project:svglib CPE, not the expected python:svglib CPE, making the
cve-checker miss it.

See CVE db query:
sqlite> select * from products where product like '%svglib%';
CVE-2020-10799|svglib_project|svglib|||0.9.3|<=

Set the CVE_PRODUCT accordingly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 17:00:02 -08:00
Gyorgy Sarvari
7c680b6e5d
python3-webargs: set CVE_PRODUCT
The relevant CVEs for this recipe are tracked using webargs_project:webargs
CPE, which makes the default python:webargs CPE miss CVEs.

See CVE db query:
sqlite> select * from products where product like '%webargs%';
CVE-2019-9710|webargs_project|webargs|||5.1.3|<
CVE-2020-7965|webargs_project|webargs|5.0.0|>=|5.5.2|<=

Set the CVE_PRODUCT accordingly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 17:00:02 -08:00
Gyorgy Sarvari
7b40caccb8
python3-validators: set CVE_PRODUCT
The CVEs related to this project are tracked using the validators_project:validators
CPE, which doesn't match the default python:validators CPE.

See CVE db query:
sqlite> select * from products where product like 'validators';
CVE-2019-19588|validators_project|validators|0.12.2|>=|0.12.5|<=
CVE-2023-45813|validators_project|validators|0.11.0|=||
CVE-2023-45813|validators_project|validators|0.20.0|=||

Set the CVE_PRODUCT so it matches relevant entries.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 17:00:02 -08:00
Gyorgy Sarvari
38bb6af621
python3-reportlab: set CVE_PRODUCT
The relevant CVEs to this recipe are tracked using reportlab:reportlab
CPE, which doesn't match the default python:reportlab CPE, so the cve-checker
misses CVEs.

See CVE db query:
sqlite> select * from products where product like '%reportlab%';
CVE-2019-17626|reportlab|reportlab|||3.5.26|<=|0
CVE-2019-19450|reportlab|reportlab|||3.5.31|<|0
CVE-2020-28463|reportlab|reportlab|-||||0
CVE-2023-33733|reportlab|reportlab|||3.6.12|<=|0

Set CVE_PRODUCT accordingly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 17:00:02 -08:00
Gyorgy Sarvari
9490dc85ed
python3-waitress: set CVE_PRODUCT
The CVEs for this recipe are tracked using the agendaless:waitress CPE,
which doesn't match the default python:waitress CPE, making the cve-checker
miss relevant CVEs.

See CVE db query:
sqlite> select * from products where PRODUCT like 'waitress';
CVE-2019-16785|agendaless|waitress|||1.3.1|<=
CVE-2019-16786|agendaless|waitress|||1.3.1|<
CVE-2019-16789|agendaless|waitress|||1.4.0|<=
CVE-2019-16792|agendaless|waitress|||1.3.1|<=
CVE-2020-5236|agendaless|waitress|1.4.2|=||
CVE-2022-24761|agendaless|waitress|||2.1.1|<
CVE-2022-31015|agendaless|waitress|2.1.0|>=|2.1.2|<
CVE-2024-49768|agendaless|waitress|2.0.0|>=|3.0.1|<
CVE-2024-49769|agendaless|waitress|||3.0.1|<

Set CVE_PRODUCT accordingly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 17:00:02 -08:00
Gyorgy Sarvari
8c152f1767
python3-nltk: set CVE_PRODUCT
The CVEs for this project are tracked under nltk:nltk CPE, which doesn't
match the default python:nltk CPE.

See CVE db query:
sqlite> select * from products where PRODUCT like 'nltk';
CVE-2019-14751|nltk|nltk|||3.4.5|<
CVE-2021-3828|nltk|nltk|||3.6.3|<=
CVE-2021-3842|nltk|nltk|||3.6.6|<
CVE-2021-43854|nltk|nltk|||3.6.5|<

Set the CVE_PRODUCT so it can be used to match CVEs.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 17:00:02 -08:00
Gyorgy Sarvari
b2d6f42a48
python3-parso: set CVE_PRODUCT
There is one related CVE tracked by NIST, using the parso_project:parso CPE,
which doesn't match the default python:parso CPE.

See CVE db query:
sqlite> select * from products where PRODUCT like 'parso';
CVE-2019-12760|parso_project|parso|||0.4.0|<=

Set the CVE_PRODUCT accordingly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 17:00:01 -08:00
Gyorgy Sarvari
7efe4c4a62
python3-marshmallow: set CVE_PRODUCT
The default python:marshmallow CPE doesn't match the CVEs related to this
product, as they are tracked with marshmallow_project:marshmallow CPE.

See CVE db query:
sqlite> select * from products where PRODUCT like 'marshmallow';
CVE-2018-17175|marshmallow_project|marshmallow|||2.15.1|<
CVE-2018-17175|marshmallow_project|marshmallow|3.0|>=|3.0.0b9|<

Set the CVE_PRODUCT so it matches related CVEs.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 17:00:01 -08:00
Gyorgy Sarvari
b2bc0c959c
python3-flask: set CVE_PRODUCT
The default python:flask CPE doesn't match relevant CVE entries which are
tracked under palletsprojects:flask CPE.

See CVE db query:
sqlite> select * from products where PRODUCT like 'flask';
CVE-2018-1000656|palletsprojects|flask|||0.12.3|<
CVE-2019-1010083|palletsprojects|flask|||1.0|<
CVE-2023-30861|palletsprojects|flask|||2.2.5|<
CVE-2023-30861|palletsprojects|flask|2.3.0|>=|2.3.2|<

Set the CVE_PRODUCT to "flask" so it matches relevant entries.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 17:00:01 -08:00
Gyorgy Sarvari
86057ae05d
python-gunicorn: set CVE_PRODUCT
There is only one relevant CVE associated with this recipe in the CVE db,
but it is tracked using gunicorn:gunicorn CPE instead of python:gunicorn
(which is the default CPE from pypi.bbclass)

See CVE db query:
sqlite> select * from products where PRODUCT like '%gunicorn%';
CVE-2018-1000164|gunicorn|gunicorn|19.4.5|=||

Set CVE_PRODUCT so that it matches relevant CVEs.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 17:00:01 -08:00
Gyorgy Sarvari
37cfe6f95d
python3-supervisor: set CVE_PRODUCT
This recipe's CVEs are tracked using supervisord:supervisor CPE by NIST,
so the default python:supervisor CPE doesn't match relevant CVEs.

See CVE db query (home-assistant vendor is not relevant):
sqlite> select * from products where PRODUCT like 'supervisor';
CVE-2017-11610|supervisord|supervisor|||3.0|<=
CVE-2017-11610|supervisord|supervisor|3.1.0|=||
CVE-2017-11610|supervisord|supervisor|3.1.1|=||
CVE-2017-11610|supervisord|supervisor|3.1.2|=||
CVE-2017-11610|supervisord|supervisor|3.1.3|=||
CVE-2017-11610|supervisord|supervisor|3.2.0|=||
CVE-2017-11610|supervisord|supervisor|3.2.1|=||
CVE-2017-11610|supervisord|supervisor|3.2.2|=||
CVE-2017-11610|supervisord|supervisor|3.2.3|=||
CVE-2017-11610|supervisord|supervisor|3.3.0|=||
CVE-2017-11610|supervisord|supervisor|3.3.1|=||
CVE-2017-11610|supervisord|supervisor|3.3.2|=||
CVE-2019-12105|supervisord|supervisor|||4.0.2|<=
CVE-2023-27482|home-assistant|supervisor|||2023.03.1|<

Set the CVE_PRODUCT explicitly to match relevant CVEs.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 17:00:01 -08:00
Gyorgy Sarvari
90d22f0ce6
python3-pyjwt: set CVE_PRODUCT
The relevant CVEs are tracked using pyjwt_project:pyjwt CPE, so the
default python:pyjwt CPE doesn't match them.

See CVE db query:
sqlite> select * from products where PRODUCT like '%pyjwt%';
CVE-2017-11424|pyjwt_project|pyjwt|||1.5.0|<=
CVE-2022-29217|pyjwt_project|pyjwt|1.5.0|>=|2.4.0|<
CVE-2024-53861|pyjwt_project|pyjwt|2.10.0|=||
CVE-2025-45768|pyjwt_project|pyjwt|2.10.1|=||

Set the CVE_PRODUCT so it matches relevant CVEs.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 17:00:01 -08:00
Gyorgy Sarvari
020d702795
python3-html5lib: set CVE_PRODUCT
There are currently 2 related CVEs in the NIST db, both of them are tracked with
html5lib:html5lib CPE, so the default python:html5lib CPE doesn't match.

See CVE db query:
sqlite> select * from products where PRODUCT like '%html5lib%';
CVE-2016-9909|html5lib|html5lib|||0.99999999|<=
CVE-2016-9910|html5lib|html5lib|||0.99999999|<=

Set the CVE_PRODUCT accordingly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 17:00:00 -08:00
Gyorgy Sarvari
ea72ec6a1a
python3-werkzeug: set CVE_PRODUCT
The relevant CVEs are tracked using palletsprojects:werkzeug CPE, which makes
the default python:werkzeug CPE not match anything.

See CVE db query:
sqlite> select * from products where PRODUCT like 'werkzeug';
CVE-2016-10516|palletsprojects|werkzeug|||0.11.11|<
CVE-2019-14322|palletsprojects|werkzeug|||0.15.5|<
CVE-2019-14806|palletsprojects|werkzeug|||0.15.3|<
CVE-2020-28724|palletsprojects|werkzeug|||0.11.6|<
CVE-2022-29361|palletsprojects|werkzeug|||2.1.0|<=
CVE-2023-23934|palletsprojects|werkzeug|||2.2.3|<
CVE-2023-25577|palletsprojects|werkzeug|||2.2.3|<
CVE-2023-46136|palletsprojects|werkzeug|||2.3.8|<
CVE-2023-46136|palletsprojects|werkzeug|3.0.0|=||
CVE-2024-34069|palletsprojects|werkzeug|||3.0.3|<
CVE-2024-49766|palletsprojects|werkzeug|||3.0.6|<
CVE-2024-49767|palletsprojects|werkzeug|||3.0.6|<
CVE-2025-66221|palletsprojects|werkzeug|||3.1.4|<

Set the CVE_PRODUCT so it matches the relevant entries.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 17:00:00 -08:00
Gyorgy Sarvari
c6c23453dd
python3-tqdm: set CVE_PRODUCT
The only related CVE to this recipe is tracked using tqdm_project:tqdm
CPE, so the default python:tqdm CPE doesn't match it.

See relevant CVE db query:
sqlite> select * from products where PRODUCT like 'tqdm';
CVE-2016-10075|tqdm_project|tqdm|4.4.1|=||
CVE-2016-10075|tqdm_project|tqdm|4.10|=||

Set the CVE_PRODUCT so it can match related CVEs.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 17:00:00 -08:00
Gyorgy Sarvari
a2bd8051fa
python3-ipython: set CVE_PRODUCT
ipython CVEs are tracked using ipython:ipython CPE, so the default
python:ipython CVE_PRODUCT doesn't match relevant CPEs.

See CVE db query:

sqlite> select * from products where PRODUCT like 'ipython';
CVE-2015-4706|ipython|ipython|3.0.0|=||
CVE-2015-4706|ipython|ipython|3.1.0|=||
CVE-2015-4707|ipython|ipython|||3.2.0|<
CVE-2015-5607|ipython|ipython|2.0.0|=||
CVE-2015-5607|ipython|ipython|2.1.0|=||
CVE-2015-5607|ipython|ipython|2.2.0|=||
CVE-2015-5607|ipython|ipython|2.3.0|=||
CVE-2015-5607|ipython|ipython|2.3.1|=||
CVE-2015-5607|ipython|ipython|2.4.0|=||
CVE-2015-5607|ipython|ipython|2.4.1|=||
CVE-2015-5607|ipython|ipython|3.0.0|=||
CVE-2015-5607|ipython|ipython|3.1.0|=||
CVE-2015-5607|ipython|ipython|3.2.0|=||
CVE-2015-5607|ipython|ipython|3.2.1|=||
CVE-2015-5607|ipython|ipython|3.2.2|=||
CVE-2015-5607|ipython|ipython|3.2.3|=||
CVE-2022-21699|ipython|ipython|||5.10.0|<=
CVE-2022-21699|ipython|ipython|6.0.0|>=|7.16.3|<
CVE-2022-21699|ipython|ipython|7.17.0|>=|7.31.1|<
CVE-2022-21699|ipython|ipython|8.0.0|>=|8.0.1|<
CVE-2023-24816|ipython|ipython|||8.10.0|<

Set the CVE_PRODUCT accordingly to match the relevant entries.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 17:00:00 -08:00
Gyorgy Sarvari
f74eb0f251
python3-m2crypto: set CVE_PRODUCT
NIST currently tracks CVEs under at least 2 different CPEs for this recipe,
but neither of them is python:m2crypto (the default CVE_PRODUCT).

See CVE db query:
sqlite> select * from products where PRODUCT like '%m2crypto%';
CVE-2009-0127|heikkitoivonen|m2crypto|-|||
CVE-2020-25657|m2crypto_project|m2crypto|-|||
CVE-2023-50781|m2crypto_project|m2crypto|-|||

Set the CVE_PRODUCT to match the relevant CPEs.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 17:00:00 -08:00
Gyorgy Sarvari
8aea65bf0e
python3-twisted: set CVE_PRODUCT
The related CVEs are tracked with twisted:twisted CPE, so the
default python:twisted CPE doesn't match any entries.

See CVE db query:
sqlite> select * from products where PRODUCT = 'twisted';
CVE-2014-7143|twisted|twisted|14.0.0|=||
CVE-2016-1000111|twisted|twisted|||16.3.1|<
CVE-2019-12387|twisted|twisted|||19.2.1|<
CVE-2019-12855|twisted|twisted|||19.2.1|<=
CVE-2020-10108|twisted|twisted|||19.10.0|<=
CVE-2020-10109|twisted|twisted|||19.10.0|<=
CVE-2022-21712|twisted|twisted|11.1.0|>=|22.1.0|<
CVE-2022-21716|twisted|twisted|21.7.0|>=|22.2.0|<
CVE-2022-24801|twisted|twisted|||22.4.0|<
CVE-2022-39348|twisted|twisted|0.9.4|>=|22.10.0|<
CVE-2023-46137|twisted|twisted|||22.8.0|<=
CVE-2024-41810|twisted|twisted|||24.3.0|<=

Set the CVE_PRODUCT accordingly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 17:00:00 -08:00
Gyorgy Sarvari
791cbb6c2e
python3-ldap: set CVE_PRODUCT
The relevant CVEs are tracked with python-ldap:python-ldap CPE, not
python:python-ldap.

See CVE db query:
sqlite> select * from products where PRODUCT like '%python-ldap%';
CVE-2021-46823|python-ldap|python-ldap|||3.4.0|<
CVE-2025-61911|python-ldap|python-ldap|||3.4.5|<
CVE-2025-61912|python-ldap|python-ldap|||3.4.5|<

Set the CVE_PRODUCT accordingly

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 16:59:59 -08:00
Gyorgy Sarvari
b97b9bc908
python3-simplejson: set CVE_PRODUCT
There is one relevant CVE tracked using the simplejson_project:simplejson
CPE, and no entries tracked with python:simplejson.

See CVE db query:
sqlite> select * from products where PRODUCT like '%simplejson%';
CVE-2014-4616|simplejson_project|simplejson|||2.6.1|<

Set the CVE_PRODUCT accordingly

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 16:59:59 -08:00
Gyorgy Sarvari
94b4c7095f
python3-pywbem: set CVE_PRODUCT
Relevant CVEs are tracked with pywbem_project:pywbem CPE instead of
the (previously) expected python:pywbem.

See CVE db query:
sqlite> select * from products where PRODUCT = 'pywbem';
CVE-2013-6418|pywbem_project|pywbem|||0.7|<=
CVE-2013-6444|pywbem_project|pywbem|||0.7|<=

Set the CVE_PRODUCT accordingly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 16:59:59 -08:00
Gyorgy Sarvari
9ec19c2ac3
python3-virtualenv: set CVE_PRODUCT
There are relevant CVEs tracked under two different CPEs:
python:virtualenv (the default in OE), and virtualenv:virtualenv (these were missed).

See CVE db query:
sqlite> select * from products where PRODUCT = 'virtualenv';
CVE-2011-4617|python|virtualenv|||1.4.9|<=
CVE-2011-4617|python|virtualenv|0.8|=||
CVE-2011-4617|python|virtualenv|0.8.1|=||
CVE-2011-4617|python|virtualenv|0.8.2|=||
CVE-2011-4617|python|virtualenv|0.8.3|=||
CVE-2011-4617|python|virtualenv|0.8.4|=||
CVE-2011-4617|python|virtualenv|0.9|=||
CVE-2011-4617|python|virtualenv|0.9.1|=||
CVE-2011-4617|python|virtualenv|0.9.2|=||
CVE-2011-4617|python|virtualenv|1.0|=||
CVE-2011-4617|python|virtualenv|1.1|=||
CVE-2011-4617|python|virtualenv|1.1.1|=||
CVE-2011-4617|python|virtualenv|1.2|=||
CVE-2011-4617|python|virtualenv|1.3|=||
CVE-2011-4617|python|virtualenv|1.3.1|=||
CVE-2011-4617|python|virtualenv|1.3.2|=||
CVE-2011-4617|python|virtualenv|1.3.3|=||
CVE-2011-4617|python|virtualenv|1.3.4|=||
CVE-2011-4617|python|virtualenv|1.4|=||
CVE-2011-4617|python|virtualenv|1.4.1|=||
CVE-2011-4617|python|virtualenv|1.4.2|=||
CVE-2011-4617|python|virtualenv|1.4.3|=||
CVE-2011-4617|python|virtualenv|1.4.4|=||
CVE-2011-4617|python|virtualenv|1.4.5|=||
CVE-2011-4617|python|virtualenv|1.4.6|=||
CVE-2011-4617|python|virtualenv|1.4.7|=||
CVE-2011-4617|python|virtualenv|1.4.8|=||
CVE-2013-5123|virtualenv|virtualenv|12.0.7|=||
CVE-2024-53899|virtualenv|virtualenv|||20.26.6|<

Set the CVE_PRODUCT so both are matched.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 16:59:59 -08:00
Gyorgy Sarvari
b29a637b2c
python3-httplib2: set CVE_PRODUCT
There are no CVEs tracked with python:httplib2 CPE, but there
are multiple ones tracked under httplib2_project:httplib2 CPE
(and they are related to this recipe).

See CVE db query:
sqlite> select * from products where PRODUCT = 'httplib2';
CVE-2013-2037|httplib2_project|httplib2|||0.7.2|<=
CVE-2013-2037|httplib2_project|httplib2|0.8|=||
CVE-2020-11078|httplib2_project|httplib2|||0.18.0|<
CVE-2021-21240|httplib2_project|httplib2|||0.19.0|<

Set the CVE_PRODUCT accordingly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 16:59:59 -08:00
Gyorgy Sarvari
473f5d0b15
python3-matplotlib: set CVE_PRODUCT
At least one CVE is tracked by debian:matplotlib CPE (and no CVEs are
tracked by the default python:matplotlib CPE).

See CVE db query:
sqlite> select * from products where PRODUCT = 'matplotlib';
CVE-2013-1424|debian|matplotlib|0.99.3-1|>=|1.4.2-3.1|<

Set the CVE_PRODUCT accordingly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 16:59:58 -08:00
Gyorgy Sarvari
ce83dc4dad
python3-pyrad: set CVE_PRODUCT
NIST tracks related CVEs with pyrad_project CPE vendor instead of "python".
Set the CVE_PRODUCT to pyrad, so both can be matched.

See CVE db query:
sqlite> select * from products where PRODUCT = 'pyrad';
CVE-2013-0294|pyrad_project|pyrad|||2.1|<
CVE-2013-0342|pyrad_project|pyrad|||2.1|<

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 16:59:58 -08:00
Gyorgy Sarvari
994a713b84
python3-redis: set CVE_PRODUCT
Set the correct CVE_PRODUCT for the recipe.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 16:59:58 -08:00
Gyorgy Sarvari
6de1168668
python3-twitter: set CVE_PRODUCT
The product's CPE doesn't use "python" as the vendor, set the CVE_PRODUCT
accordingly.

See CVE db query:

sqlite> select * from products where PRODUCT = 'tweepy';
CVE-2012-5825|tweepy|tweepy|-|||

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 16:59:58 -08:00
Gyorgy Sarvari
58491e5551
python3-sqlalchemy: set CVE_PRODUCT
The default python:sqlalchemy CPE fails to match CVEs, because the CVEs
are associated with sqlalchemy:sqlalchemy CPE.

See CVE db query:
sqlite> select * from products where PRODUCT = 'sqlalchemy';
CVE-2012-0805|sqlalchemy|sqlalchemy|||0.7.0|<=
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta1|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta2|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.0_beta3|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.1|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.2|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.3|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.4|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.5|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.6|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.6.7|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.7.0_b1|=||
CVE-2012-0805|sqlalchemy|sqlalchemy|0.7.0_b2|=||
CVE-2019-7164|sqlalchemy|sqlalchemy|||1.2.17|<=
CVE-2019-7164|sqlalchemy|sqlalchemy|1.3.0_beta1|=||
CVE-2019-7164|sqlalchemy|sqlalchemy|1.3.0_beta2|=||
CVE-2019-7548|sqlalchemy|sqlalchemy|1.2.17|=||

Set the CVE_PRODUCT accordingly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 16:59:58 -08:00
Gyorgy Sarvari
3ea525cac2
python3-paramiko: set CVE_PRODUCT
Set correct CVE_PRODUCT for paramiko. The default python:paramiko value
doesn't match CVEs, because the product has its own set of CPEs associated
with CVEs.

See CVE db query:
sqlite> select * from products where PRODUCT = 'paramiko';
CVE-2008-0299|python_software_foundation|paramiko|1.7.1|=||
CVE-2018-1000805|paramiko|paramiko|1.17.6|=||
CVE-2018-1000805|paramiko|paramiko|1.18.5|=||
CVE-2018-1000805|paramiko|paramiko|2.0.8|=||
CVE-2018-1000805|paramiko|paramiko|2.1.5|=||
CVE-2018-1000805|paramiko|paramiko|2.2.3|=||
CVE-2018-1000805|paramiko|paramiko|2.3.2|=||
CVE-2018-1000805|paramiko|paramiko|2.4.1|=||
CVE-2018-7750|paramiko|paramiko|||1.17.6|<
CVE-2018-7750|paramiko|paramiko|1.18.0|>=|1.18.5|<
CVE-2018-7750|paramiko|paramiko|2.0.0|>=|2.0.8|<
CVE-2018-7750|paramiko|paramiko|2.1.0|>=|2.1.5|<
CVE-2018-7750|paramiko|paramiko|2.2.0|>=|2.2.3|<
CVE-2018-7750|paramiko|paramiko|2.3.0|>=|2.3.2|<
CVE-2018-7750|paramiko|paramiko|2.4.0|=||
CVE-2022-24302|paramiko|paramiko|||2.10.1|<
CVE-2023-48795|paramiko|paramiko|||3.4.0|<

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 16:59:58 -08:00
Gyorgy Sarvari
2f6cbf75f2
python3-tornado: set CVE_PRODUCT
The default "python:tornado" CVE_PRODUCT doesn't match relevant CVEs, because
the project's CPE is "tornadoweb:tornado".

See CVE db query (docmosis is an irrelevant vendor):

sqlite> select * from products where PRODUCT = 'tornado';
CVE-2012-2374|tornadoweb|tornado|||2.2|<=
CVE-2012-2374|tornadoweb|tornado|1.0|=||
CVE-2012-2374|tornadoweb|tornado|1.0.1|=||
CVE-2012-2374|tornadoweb|tornado|1.1|=||
CVE-2012-2374|tornadoweb|tornado|1.1.1|=||
CVE-2012-2374|tornadoweb|tornado|1.2|=||
CVE-2012-2374|tornadoweb|tornado|1.2.1|=||
CVE-2012-2374|tornadoweb|tornado|2.0|=||
CVE-2012-2374|tornadoweb|tornado|2.1|=||
CVE-2012-2374|tornadoweb|tornado|2.1.1|=||
CVE-2014-9720|tornadoweb|tornado|||3.2.2|<
CVE-2023-25264|docmosis|tornado|||2.9.5|<
CVE-2023-25265|docmosis|tornado|||2.9.5|<
CVE-2023-25266|docmosis|tornado|||2.9.5|<
CVE-2023-28370|tornadoweb|tornado|||6.3.2|<
CVE-2024-42733|docmosis|tornado|||2.9.7|<=
CVE-2024-52804|tornadoweb|tornado|||6.4.2|<
CVE-2025-47287|tornadoweb|tornado|||6.5.0|<
CVE-2025-67724|tornadoweb|tornado|||6.5.3|<
CVE-2025-67725|tornadoweb|tornado|||6.5.3|<
CVE-2025-67726|tornadoweb|tornado|||6.5.3|<

Set the CVE_PRODUCT accordingly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 16:59:57 -08:00
Gyorgy Sarvari
57440a30b6
python3-cbor2: set CVE_PRODUCT
The default, "python:cbor2" CVE_PRODUCT is not appropriate for this
recipe, because most associated CVEs use "agronholm:cbor2" CPE.

Set the CVE_PRODUCT to cbor2, so it will match the currently used
CPE, and in case there will be future python:cbor2 CPEs also, they
will be matched too.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-30 16:59:57 -08:00
Khem Raj
461a0ad043
python3-backports-zstd: Upgrade to 1.3.0
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-29 23:02:15 -08:00
Liu Yiding
ff9425f728
python3-fastapi-cli: upgrade 0.0.16 -> 0.0.20
Changelog:
https://github.com/fastapi/fastapi-cli/releases/tag/0.0.20

Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-29 23:02:15 -08:00
Liu Yiding
d633a5e0fb
networkmanager-openvpn: upgrade 1.12.3 -> 1.12.5
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-29 23:02:15 -08:00
Liu Yiding
0a97e1836a
networkmanager: upgrade 1.52.0 -> 1.52.2
Signed-off-by: Liu Yiding <liuyd.fnst@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-29 23:02:15 -08:00
Markus Volk
3c7366597a
tmux: add packageconfig for sixel support
Signed-off-by: Markus Volk <f_l_k@t-online.de>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-29 12:35:08 -08:00
Khem Raj
1e43b0cc48
botan: Remove ptests execution on rv32
It needs go compiler and runtime which is missing on rv32

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-29 10:19:10 -08:00
Khem Raj
908defcc18
initramfs-kexecboot-image: Allow supported architectures
Not all arches e.g. rv32 support kexec atm, reflect that here

Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-29 10:19:10 -08:00
Gyorgy Sarvari
ae5da4edb3
gimp: patch CVE-2025-14425
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14425

Backport the patch referenced by the NVD report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-29 09:28:53 -08:00
Gyorgy Sarvari
e938242bbc
gimp: patch CVE-2025-14424
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14424

Pick the patch referenced by the NVD report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-29 09:28:53 -08:00
Gyorgy Sarvari
9c3e2b8854
gimp: patch CVE-2025-14423
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14423

Pick the patch referenced by the NVD report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-29 09:28:53 -08:00
Gyorgy Sarvari
b19277cab5
gimp: patch CVE-2025-14422
Details: https://nvd.nist.gov/vuln/detail/CVE-2025-14422

Pick the patch referenced by the NVD report.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-29 09:28:53 -08:00
Wang Mingyu
a3713a80ad
tesseract: upgrade 5.5.1 -> 5.5.2
Changelog:
=============
- Simplify code for osdetect
- Fix and improve configuration for cmake builds
- Modernize some for loops and fix some signed/unsigned issues
- Cmake optimization with warp2
- Update checkout action
- chore: fix cyrillic typo
- Move version info. to appropriate ALTO element
- CI: Remove unneeded export statements from cmake workflow for macOS
- Bump actions/checkout from 5 to 6
- Bump github/codeql-action from 2 to 4
- Bump actions/upload-artifact from 4 to 5
- Bump mikepenz/action-junit-report from 4 to 6
- Bump actions/upload-artifact from 5 to 6

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-29 09:28:52 -08:00
Wang Mingyu
60b35046b3
python3-typer: upgrade 0.20.1 -> 0.21.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-29 09:28:52 -08:00
Wang Mingyu
181d4301a7
python3-pikepdf: upgrade 10.0.3 -> 10.1.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-29 09:28:52 -08:00
Wang Mingyu
ed1047c0fa
python3-marshmallow: upgrade 4.1.1 -> 4.1.2
Changelog:
  Merge error store messages without rebuilding collections.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
2025-12-29 09:28:52 -08:00