There is only one relevant CVE associated with this recipe in the CVE db,
but it is tracked using gunicorn:gunicorn CPE instead of python:gunicorn
(which is the default CPE from pypi.bbclass)
See CVE db query:
sqlite> select * from products where PRODUCT like '%gunicorn%';
CVE-2018-1000164|gunicorn|gunicorn|19.4.5|=||
Set CVE_PRODUCT so that it matches relevant CVEs.
Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
Changelog:
===========
- minor docs fixes
- worker_class parameter accepts a class
- fix deadlock if request terminated during chunked parsing
- permit receiving Transfer-Encodings: compress, deflate, gzip
- permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still
- sdist generation now explicitly excludes sphinx build folder
- decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError
- raise correct Exception when encounting invalid chunked requests
- the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore
- include IPv6 loopback address [::1] in default for forwarded_allow_ips and proxy_allow_ips
- refuse requests where the uri field is empty
- refuse requests with invalid CR/LR/NUL in heade field values
- remove temporary --tolerate-dangerous-framing switch from 22.0
Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>
