Re: ‘guix lint’ CVE checker

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ‘guix lint’ CVE checker

From:	Ludovic Courtès
Subject:	Re: ‘guix lint’ CVE checker
Date:	Sat, 28 Nov 2015 16:07:27 +0100
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

address@hidden (Ludovic Courtès) skribis:

> gnu/packages/gcc.scm:324:2: gcc-4.9.3: probably vulnerable to CVE-2015-5276
> gnu/packages/image.scm:708:2: jasper-1.900.1: probably vulnerable to 
> CVE-2008-3522
> gnu/packages/pulseaudio.scm:44:2: libsndfile-1.0.25: probably vulnerable to 
> CVE-2015-7805
> gnu/packages/xml.scm:64:2: libxml2-2.9.2: probably vulnerable to 
> CVE-2015-7941, CVE-2015-7942
> gnu/packages/xml.scm:144:2: libxslt-1.1.28: probably vulnerable to 
> CVE-2015-7995

Interestingly, the GCC and libxslt ones are no longer visible at
<https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz>.
I wonder if there’s an eviction policy, but I don’t see it mentioned.

Ideas?

Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

‘guix lint’ CVE checker, Ludovic Courtès, 2015/11/26
- Re: ‘guix lint’ CVE checker, Ludovic Courtès, 2015/11/27
  - Re: ‘guix lint’ CVE checker, Mark H Weaver, 2015/11/27
    - Re: ‘guix lint’ CVE checker, Ludovic Courtès, 2015/11/28
- Re: ‘guix lint’ CVE checker, Ludovic Courtès <=

Prev by Date: Re: [PATCH] Fix XFCE shutdown/reboot via menu.
Next by Date: Re: ‘guix lint’ CVE checker
Previous by thread: Re: ‘guix lint’ CVE checker
Next by thread: [PATCH] openssh: install ssh-copy-id.
Index(es):
- Date
- Thread