CVEs missing from the NIST database
From: Ludovic Courtès
Subject: CVEs missing from the NIST database
Date: Fri, 12 Mar 2021 16:31:59 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)
Hi Mark,
guix-commits@gnu.org skribis:
> commit bc16eacc99e801ac30cbe2aa649a2be3ca5c102a
> Author: Mark H Weaver <mhw@netris.org>
> AuthorDate: Fri Mar 12 05:24:36 2021 -0500
>
> gnu: cairo: Fix CVE-2018-19876 and CVE-2020-35492.
>
> * gnu/packages/patches/cairo-CVE-2018-19876.patch,
> gnu/packages/patches/cairo-CVE-2020-35492.patch: New files.
> * gnu/local.mk (dist_patch_DATA): Add them.
> * gnu/packages/gtk.scm (cairo)[replacement]: New field.
> (cairo/fixed): New variable.
> (cairo-xcb): Use package/inherit.
Since there are a lot of CVEs getting fixed in Guix these days (thanks
folks!), I’m trying to see how helpful (guix cve) is for those.
In this case, I noticed that ‘guix lint -c cve cairo’ wouldn’t report
CVE-2020-35492 and found that
<https://nvd.nist.gov/vuln/detail/CVE-2020-35492> is 404.
Likewise, this command:
  wget -qO - "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2020.json.gz" | \
    gunzip | grep CVE-2020-35492
turns up nothing.
It could be that this CVE is still “pending” (I think that happens
sometimes). Do you know more about this one?
Thanks,
Ludo’.
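
An added example, not part of the original message and not Guix code: a structured version of the feed check above that takes the CVE IDs named in a commit message and reports which ones a year's feed lacks. It assumes the JSON 1.1 feed layout (CVE_Items[].cve.CVE_data_meta.ID); the function names and the two tiny feeds are constructed for illustration, and malformed IDs are reported separately because a mistyped pattern also matches nothing.

```python
import gzip
import io
import json
import re

# A CVE ID is "CVE-", a 4-digit year, "-", then at least 4 digits.
CVE_RE = re.compile(r"\bCVE-\d{4}-\d{4,}\b")
LOOSE_RE = re.compile(r"\bCVE-\d+-\d+\b")  # anything that looks like one


def cve_ids(text):
    """Return (well_formed, malformed) CVE-like identifiers found in text."""
    good = set(CVE_RE.findall(text))
    return sorted(good), sorted(set(LOOSE_RE.findall(text)) - good)


def feed_ids(gz_bytes):
    """Extract every CVE ID from a gzipped NVD JSON 1.1 feed."""
    with gzip.open(io.BytesIO(gz_bytes), "rt", encoding="utf-8") as f:
        feed = json.load(f)
    return {item["cve"]["CVE_data_meta"]["ID"] for item in feed["CVE_Items"]}


def missing_from_feeds(text, feeds_by_year):
    """Classify each well-formed ID as 'present', 'missing' or 'no-feed'."""
    good, malformed = cve_ids(text)
    parsed = {year: feed_ids(blob) for year, blob in feeds_by_year.items()}
    status = {}
    for cve in good:
        year = cve.split("-")[1]
        if year not in parsed:
            status[cve] = "no-feed"  # cannot conclude anything
        else:
            status[cve] = "present" if cve in parsed[year] else "missing"
    return status, malformed


def make_feed(ids):
    """Build a constructed, minimal stand-in for a downloaded feed."""
    doc = {"CVE_Items": [{"cve": {"CVE_data_meta": {"ID": i}}} for i in ids]}
    return gzip.compress(json.dumps(doc).encode("utf-8"))


# Commit summary from the message; feed contents are constructed samples.
COMMIT = "gnu: cairo: Fix CVE-2018-19876 and CVE-2020-35492."
FEEDS = {"2018": make_feed(["CVE-2018-19876"]),
         "2020": make_feed(["CVE-2020-00000"])}  # constructed filler entry

if __name__ == "__main__":
    print(missing_from_feeds(COMMIT, FEEDS))
```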