GNU bug report logs - #62380
[staging PATCH 0/4] Update hdf5.


Package: guix-patches;

Reported by: Greg Hogan <code <at> greghogan.com>

Date: Wed, 22 Mar 2023 13:56:01 UTC

Severity: normal

Tags: patch

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.


From: help-debbugs <at> gnu.org (GNU bug Tracking System)
To: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
Cc: tracker <at> debbugs.gnu.org
Subject: bug#62380: closed ([staging PATCH 0/4] Update hdf5.)
Date: Fri, 31 Mar 2023 03:28:01 +0000
[Message part 1 (text/plain, inline)]
Your message dated Thu, 30 Mar 2023 23:27:01 -0400
with message-id <87fs9ly516.fsf_-_ <at> gmail.com>
and subject line Re: bug#62380: [staging PATCH 0/4] Update hdf5.
has caused the debbugs.gnu.org bug report #62380,
regarding [staging PATCH 0/4] Update hdf5.
to be marked as done.

(If you believe you have received this mail in error, please contact
help-debbugs <at> gnu.org.)


-- 
62380: https://debbugs.gnu.org/cgi/bugreport.cgi?bug=62380
GNU Bug Tracking System
Contact help-debbugs <at> gnu.org with problems
[Message part 2 (message/rfc822, inline)]
From: Greg Hogan <code <at> greghogan.com>
To: guix-patches <at> gnu.org
Cc: Greg Hogan <code <at> greghogan.com>
Subject: [staging PATCH 0/4] Update hdf5.
Date: Wed, 22 Mar 2023 13:55:14 +0000
Greg Hogan (4):
  gnu: hdf5@1.8: Update to 1.8.23.
  gnu: hdf5@1.10: Update to 1.10.9.
  gnu: hdf5@1.12: Update to 1.12.2.
  gnu: Add hdf5@1.14.

 gnu/packages/maths.scm | 32 ++++++++++++++++++++++++++------
 1 file changed, 26 insertions(+), 6 deletions(-)

-- 
2.40.0



[Message part 3 (message/rfc822, inline)]
From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Greg Hogan <code <at> greghogan.com>
Cc: 62380-done <at> debbugs.gnu.org
Subject: Re: bug#62380: [staging PATCH 0/4] Update hdf5.
Date: Thu, 30 Mar 2023 23:27:01 -0400
Hello,

I've installed the series to staging.  It seems it could have also been
on the limit to go to master, so in the future feel free to submit for
master.

Something we should look into is hiding the (false positive, I assume?)
CVEs reported by guix lint:

--8<---------------cut here---------------start------------->8---
gnu/packages/maths.scm:1390:2: hdf5@1.8.23: probably vulnerable to CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812
gnu/packages/maths.scm:1515:2: hdf5@1.10.9: probably vulnerable to CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812
gnu/packages/maths.scm:1535:2: hdf5@1.12.2: probably vulnerable to CVE-2021-37501
--8<---------------cut here---------------end--------------->8---

This can be done by adding lint-hidden-cve properties, with explanatory comments.

-- 
Thanks,
Maxim
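
A triage helper for the lint output quoted in the message above, added here as an example and not part of the thread or of Guix itself: it groups the reported CVEs per package and renders a `lint-hidden-cve` property stub for a reviewer to fill in once each CVE has been checked against that version. The function names are hypothetical, the sample input is constructed from the quoted lines with the archive's ` <at> ` restored to `@`, and the property form is the one I know from Guix package definitions, not something shown on this page.

```python
import re

# Constructed sample: the three lint lines quoted in the message above,
# with package specs written the way guix prints them (name@version).
SAMPLE_LINT = """\
gnu/packages/maths.scm:1390:2: hdf5@1.8.23: probably vulnerable to CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812
gnu/packages/maths.scm:1515:2: hdf5@1.10.9: probably vulnerable to CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812
gnu/packages/maths.scm:1535:2: hdf5@1.12.2: probably vulnerable to CVE-2021-37501
"""

LINT_RE = re.compile(
    r"^(?P<file>[^:\s]+):(?P<line>\d+):(?P<col>\d+): "
    r"(?P<spec>\S+@\S+): probably vulnerable to (?P<cves>.+)$")
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")

def parse_lint(text):
    """Return {package spec: {"where": "file:line", "cves": [...]}}."""
    findings = {}
    for raw in text.splitlines():
        m = LINT_RE.match(raw.strip())
        if not m:
            continue  # not a CVE-checker line
        entry = findings.setdefault(
            m["spec"], {"where": f'{m["file"]}:{m["line"]}', "cves": []})
        for cve in CVE_RE.findall(m["cves"]):
            if cve not in entry["cves"]:  # de-duplicate, keep report order
                entry["cves"].append(cve)
    return findings

def shared_cves(findings):
    """Map each CVE to the package specs it was reported against."""
    by_cve = {}
    for spec, entry in findings.items():
        for cve in entry["cves"]:
            by_cve.setdefault(cve, []).append(spec)
    return by_cve

def property_stub(cves):
    """Render a lint-hidden-cve property for CVEs a reviewer has cleared."""
    ids = " ".join(f'"{c}"' for c in cves)
    return (";; TODO: explain why each CVE does not apply to this version.\n"
            f"(properties '((lint-hidden-cve . ({ids}))))")

if __name__ == "__main__":
    for spec, entry in parse_lint(SAMPLE_LINT).items():
        print(f'{entry["where"]} {spec}\n{property_stub(entry["cves"])}\n')
```

`shared_cves` shows which identifiers recur across the 1.8 and 1.10 series, so one upstream check can settle both entries before anything is hidden.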


This bug report was last modified 2 years and 114 days ago.
