GNOME Orca 'orca' package mislabeled by 'guix lint -c cve'

guix-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

GNOME Orca 'orca' package mislabeled by 'guix lint -c cve'

From:	Léo Le Bouter
Subject:	GNOME Orca 'orca' package mislabeled by 'guix lint -c cve'
Date:	Thu, 11 Mar 2021 02:41:24 +0100
User-agent:	Evolution 3.34.2

This is GNOME Orca in the CPE database: 
https://nvd.nist.gov/products/cpe/detail/660937?namingFormat=2.3&orderBy=CPEURI&keyword=orca&status=FINAL

Currently CVE-2020-9298 is being wrongly reported by 'guix lint -c cve'
because vendor is not taken into account, therefore:
"cpe:2.3:a:spinnaker:orca" also matches.

Reminder that we need cpe-vendor property as told in <
https://issues.guix.gnu.org/40142>.

I would like to tag the package but currently cannot because cpe-vendor 
does not exist yet.

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

GNOME Orca 'orca' package mislabeled by 'guix lint -c cve', Léo Le Bouter <=
- Re: GNOME Orca 'orca' package mislabeled by 'guix lint -c cve', Ludovic Courtès, 2021/03/15

Prev by Date: glib@2.62.6 is vulnerable to CVE-2021-27218 and CVE-2021-27219
Next by Date: Re: GNU Guix (pull?) on i686 broke after zstd grafting
Previous by thread: glib@2.62.6 is vulnerable to CVE-2021-27218 and CVE-2021-27219
Next by thread: Re: GNOME Orca 'orca' package mislabeled by 'guix lint -c cve'
Index(es):
- Date
- Thread