meta-openembedded

mirrors/meta-openembedded

Fork 0

mirror of https://github.com/openembedded/meta-openembedded.git synced 2026-01-14 16:11:32 +00:00

Commit Graph

Author	SHA1	Message	Date
Gyorgy Sarvari	e22d2a7ba6	python3-paramiko: set CVE_PRODUCT Set correct CVE_PRODUCT for paramiko. The default python:paramiko value doesn't match CVEs, because the product has its own set of CPEs associated with CVEs. See CVE db query: sqlite> select * from products where PRODUCT = 'paramiko'; CVE-2008-0299\|python_software_foundation\|paramiko\|1.7.1\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|1.17.6\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|1.18.5\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.0.8\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.1.5\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.2.3\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.3.2\|=\|\| CVE-2018-1000805\|paramiko\|paramiko\|2.4.1\|=\|\| CVE-2018-7750\|paramiko\|paramiko\|\|\|1.17.6\|< CVE-2018-7750\|paramiko\|paramiko\|1.18.0\|>=\|1.18.5\|< CVE-2018-7750\|paramiko\|paramiko\|2.0.0\|>=\|2.0.8\|< CVE-2018-7750\|paramiko\|paramiko\|2.1.0\|>=\|2.1.5\|< CVE-2018-7750\|paramiko\|paramiko\|2.2.0\|>=\|2.2.3\|< CVE-2018-7750\|paramiko\|paramiko\|2.3.0\|>=\|2.3.2\|< CVE-2018-7750\|paramiko\|paramiko\|2.4.0\|=\|\| CVE-2022-24302\|paramiko\|paramiko\|\|\|2.10.1\|< CVE-2023-48795\|paramiko\|paramiko\|\|\|3.4.0\|< Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-12-31 08:28:51 -08:00
Wang Mingyu	e22a95f76e	python3-paramiko: upgrade 3.5.0 -> 3.5.1 Changelog: ========== - Private key material is now explicitly 'unpadded' during decryption, removing a reliance on some lax OpenSSL behavior & making us compatible with future Cryptography releases. Signed-off-by: Wang Mingyu <wangmy@fujitsu.com> Signed-off-by: Khem Raj <raj.khem@gmail.com>	2025-02-12 09:16:05 -08:00

Author

SHA1

Message

Date

Gyorgy Sarvari

e22d2a7ba6

python3-paramiko: set CVE_PRODUCT

Set correct CVE_PRODUCT for paramiko. The default python:paramiko value
doesn't match CVEs, because the product has its own set of CPEs associated
with CVEs.

See CVE db query:
sqlite> select * from products where PRODUCT = 'paramiko';
CVE-2008-0299|python_software_foundation|paramiko|1.7.1|=||
CVE-2018-1000805|paramiko|paramiko|1.17.6|=||
CVE-2018-1000805|paramiko|paramiko|1.18.5|=||
CVE-2018-1000805|paramiko|paramiko|2.0.8|=||
CVE-2018-1000805|paramiko|paramiko|2.1.5|=||
CVE-2018-1000805|paramiko|paramiko|2.2.3|=||
CVE-2018-1000805|paramiko|paramiko|2.3.2|=||
CVE-2018-1000805|paramiko|paramiko|2.4.1|=||
CVE-2018-7750|paramiko|paramiko|||1.17.6|<
CVE-2018-7750|paramiko|paramiko|1.18.0|>=|1.18.5|<
CVE-2018-7750|paramiko|paramiko|2.0.0|>=|2.0.8|<
CVE-2018-7750|paramiko|paramiko|2.1.0|>=|2.1.5|<
CVE-2018-7750|paramiko|paramiko|2.2.0|>=|2.2.3|<
CVE-2018-7750|paramiko|paramiko|2.3.0|>=|2.3.2|<
CVE-2018-7750|paramiko|paramiko|2.4.0|=||
CVE-2022-24302|paramiko|paramiko|||2.10.1|<
CVE-2023-48795|paramiko|paramiko|||3.4.0|<

Signed-off-by: Gyorgy Sarvari <skandigraun@gmail.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

2025-12-31 08:28:51 -08:00

Wang Mingyu

e22a95f76e

python3-paramiko: upgrade 3.5.0 -> 3.5.1

Changelog:
==========
- Private key material is now explicitly 'unpadded' during
  decryption, removing a reliance on some lax OpenSSL behavior & making us
  compatible with future Cryptography releases.

Signed-off-by: Wang Mingyu <wangmy@fujitsu.com>
Signed-off-by: Khem Raj <raj.khem@gmail.com>

2025-02-12 09:16:05 -08:00

2 Commits