meta-openembedded

MIRRORS/meta-openembedded

Fork 0

mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-01-27 12:01:38 +01:00

Commit Graph

Author	SHA1	Message	Date
Gyorgy Sarvari	16c2efd07b	python3-waitress: set CVE_PRODUCT The CVEs for this recipes are tracked using the agendaless:waitress CPE, which doesn't match the default python:waitress CPE, making the cve-checker miss relevant CVEs. See CVE db query: sqlite> select * from products where PRODUCT like 'waitress'; CVE-2019-16785\|agendaless\|waitress\|\|\|1.3.1\|<= CVE-2019-16786\|agendaless\|waitress\|\|\|1.3.1\|< CVE-2019-16789\|agendaless\|waitress\|\|\|1.4.0\|<= CVE-2019-16792\|agendaless\|waitress\|\|\|1.3.1\|<= CVE-2020-5236\|agendaless\|waitress\|1.4.2\|=\|\| CVE-2022-24761\|agendaless\|waitress\|\|\|2.1.1\|< CVE-2022-31015\|agendaless\|waitress\|2.1.0\|>=\|2.1.2\|< CVE-2024-49768\|agendaless\|waitress\|2.0.0\|>=\|3.0.1\|< CVE-2024-49769\|agendaless\|waitress\|\|\|3.0.1\|< Set CVE_PRODUCT accordingly. Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:56 -08:00
Leon Anavi	72524d02e7	python3-waitress: Upgrade 3.0.0 -> 3.0.2 Upgrade to version 3.0.2: - When using Waitress to process trusted proxy headers, Waitress will now update the headers to drop any untrusted values, thereby making sure that WSGI apps only get trusted and validated values that Waitress itself used to update the environ. Signed-off-by: Leon Anavi <leon.anavi@konsulko.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2024-11-29 07:56:57 -08:00

Author

SHA1

Message

Date

Gyorgy Sarvari

16c2efd07b

python3-waitress: set CVE_PRODUCT

The CVEs for this recipes are tracked using the agendaless:waitress CPE,
which doesn't match the default python:waitress CPE, making the cve-checker
miss relevant CVEs.

See CVE db query:
sqlite> select * from products where PRODUCT like 'waitress';
CVE-2019-16785|agendaless|waitress|||1.3.1|<=
CVE-2019-16786|agendaless|waitress|||1.3.1|<
CVE-2019-16789|agendaless|waitress|||1.4.0|<=
CVE-2019-16792|agendaless|waitress|||1.3.1|<=
CVE-2020-5236|agendaless|waitress|1.4.2|=||
CVE-2022-24761|agendaless|waitress|||2.1.1|<
CVE-2022-31015|agendaless|waitress|2.1.0|>=|2.1.2|<
CVE-2024-49768|agendaless|waitress|2.0.0|>=|3.0.1|<
CVE-2024-49769|agendaless|waitress|||3.0.1|<

Set CVE_PRODUCT accordingly.

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

2025-12-31 08:28:56 -08:00

Leon Anavi

72524d02e7

python3-waitress: Upgrade 3.0.0 -> 3.0.2

Upgrade to version 3.0.2:

- When using Waitress to process trusted proxy headers, Waitress
  will now update the headers to drop any untrusted values, thereby
  making sure that WSGI apps only get trusted and validated values
  that Waitress itself used to update the environ.

Signed-off-by: Leon Anavi <leon.anavi@konsulko.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

2024-11-29 07:56:57 -08:00

2 Commits