[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: ‘guix lint’ CVE checker
From: |
Ludovic Courtès |
Subject: |
Re: ‘guix lint’ CVE checker |
Date: |
Sat, 28 Nov 2015 16:07:27 +0100 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
address@hidden (Ludovic Courtès) skribis:
> gnu/packages/gcc.scm:324:2: gcc-4.9.3: probably vulnerable to CVE-2015-5276
> gnu/packages/image.scm:708:2: jasper-1.900.1: probably vulnerable to
> CVE-2008-3522
> gnu/packages/pulseaudio.scm:44:2: libsndfile-1.0.25: probably vulnerable to
> CVE-2015-7805
> gnu/packages/xml.scm:64:2: libxml2-2.9.2: probably vulnerable to
> CVE-2015-7941, CVE-2015-7942
> gnu/packages/xml.scm:144:2: libxslt-1.1.28: probably vulnerable to
> CVE-2015-7995
Interestingly, the GCC and libxslt ones are no longer visible at
<https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz>.
I wonder if there’s an eviction policy, but I don’t see it mentioned.
Ideas?
Ludo’.