Google Git
Sign in
chromium/chromiumos/overlays/portage-stable/refs/heads/firmware-R145-16552.2.B^!/.
commit
576775fe70565fafb9ca8875b936a9145ccf4414
[log] [tgz]
author
Greg Edelston <gredelston@google.com>
Thu Dec 18 18:19:44 2025
committer
Chromeos LUCI <chromeos-scoped@luci-project-accounts.iam.gserviceaccount.com>
Thu Dec 18 20:14:47 2025
tree
fe534ab04d6feb4ffee1859016107f7f745c2362
parent
8e9d8fdddfa4a9797fd867fed0d6d5ba0a224ab7 [diff]
dev-python/setuptools: update METADATA for CVE-2025-47273

This change updates the METADATA file to reflect that CVE-2025-47273
is mitigated by a patch.

BUG=b:456337451
TEST=none

Change-Id: I31b8af2e0431fa5322172adcaf6455972e79ce68
Reviewed-on: https://chromium-review.googlesource.com/c/chromiumos/overlays/portage-stable/+/7275619
Auto-Submit: Greg Edelston <gredelston@google.com>
Tested-by: Greg Edelston <gredelston@google.com>
Commit-Queue: Greg Edelston <gredelston@google.com>
Reviewed-by: Leandro Lovisolo <lovisolo@google.com>

diff --git a/dev-python/setuptools/METADATA b/dev-python/setuptools/METADATA
new file mode 100644
index 0000000..087dd93
--- /dev/null
+++ b/dev-python/setuptools/METADATA

@@ -0,0 +1,15 @@
+# Copyright 2025 The ChromiumOS Authors
+# Use of this source code is governed by a BSD-style license that can be
+# found in the LICENSE file.
+
+# Metadata for CVEs that are fixed or don't affect ChromeOS.
+
+third_party {
+  security {
+    # CVEs mitigated by PATCHES.
+    mitigated_security_patch: "CVE-2025-47273"  # Fixed in files/setuptools-73.0.1-CVE-2025-47273.patch
+
+    # ChromeOS Public Tracker > Services > EngProd > Build
+    tag: "vuln_reporting:buganizer_component:1037860"
+  }
+}