From: "mark.yang" <[email protected]>

The default python:pyasn1 does not match the NVD/CNA entries which use
pyasn1 as vendor, so CVEs like CVE-2026-30922 are never reported. Use
the exact pyasn1:pyasn1 pair.

Suggested-by: Ross Burton <[email protected]>
Signed-off-by: mark.yang <[email protected]>
---
v2: use exact vendor:product pair

 meta/recipes-devtools/python/python3-pyasn1_0.6.3.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-devtools/python/python3-pyasn1_0.6.3.bb 
b/meta/recipes-devtools/python/python3-pyasn1_0.6.3.bb
index fb572d9da4..60b38c57c5 100644
--- a/meta/recipes-devtools/python/python3-pyasn1_0.6.3.bb
+++ b/meta/recipes-devtools/python/python3-pyasn1_0.6.3.bb
@@ -14,4 +14,6 @@ RDEPENDS:${PN}:class-target += " \
     python3-shell \
 "
 
+CVE_PRODUCT = "pyasn1:pyasn1"
+
 BBCLASSEXTEND = "native nativesdk"
-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#240857): 
https://lists.openembedded.org/g/openembedded-core/message/240857
Mute This Topic: https://lists.openembedded.org/mt/120259067/21656
Group Owner: [email protected]
Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to