GNU bug report logs - #62380
[staging PATCH 0/4] Update hdf5.


Package: guix-patches;

Reported by: Greg Hogan <code <at> greghogan.com>

Date: Wed, 22 Mar 2023 13:56:01 UTC

Severity: normal

Tags: patch

Done: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>

Bug is archived. No further changes may be made.



Message #22 received at 62380-done <at> debbugs.gnu.org (full text, mbox):

From: Maxim Cournoyer <maxim.cournoyer <at> gmail.com>
To: Greg Hogan <code <at> greghogan.com>
Cc: 62380-done <at> debbugs.gnu.org
Subject: Re: bug#62380: [staging PATCH 0/4] Update hdf5.
Date: Thu, 30 Mar 2023 23:27:01 -0400

Hello,

I've installed the series to staging.  It seems it could have also been
on the limit to go to master, so in the future feel free to submit for
master.

Something we should look into is hiding the (false positive, I assume?)
CVEs reported by guix lint:

--8<---------------cut here---------------start------------->8---
gnu/packages/maths.scm:1390:2: hdf5 <at> 1.8.23: probably vulnerable to CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812
gnu/packages/maths.scm:1515:2: hdf5 <at> 1.10.9: probably vulnerable to CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812
gnu/packages/maths.scm:1535:2: hdf5 <at> 1.12.2: probably vulnerable to CVE-2021-37501
--8<---------------cut here---------------end--------------->8---

This can be done by adding lint-hidden-cve properties, with explanatory comments.

-- 
Thanks,
Maxim
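
As an added example (not part of the message and not Guix's own code), this Python sketch turns the `guix lint` CVE warnings quoted above into one `lint-hidden-cve` properties stanza per package version, each with a comment slot for the justification the message asks for. The function names and the TODO wording are assumptions; the sample input is constructed from the three quoted lines, with the archive's "<at>" restored to "@".

```python
import re
from collections import OrderedDict

# Constructed sample: the lint lines quoted in the message above.
SAMPLE = """\
gnu/packages/maths.scm:1390:2: hdf5@1.8.23: probably vulnerable to CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812
gnu/packages/maths.scm:1515:2: hdf5@1.10.9: probably vulnerable to CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812
gnu/packages/maths.scm:1535:2: hdf5@1.12.2: probably vulnerable to CVE-2021-37501
"""

# Accept both "name@version" and the archive-obfuscated "name <at> version".
LINE = re.compile(
    r"^(?P<file>[^:\s]+):(?P<line>\d+):(?P<col>\d+): "
    r"(?P<name>\S+?)(?:@| <at> )(?P<version>\S+): "
    r"probably vulnerable to (?P<cves>.+)$")
CVE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_lint(text):
    """Map (file, line, name, version) -> ordered, de-duplicated CVE ids."""
    findings = OrderedDict()
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a CVE warning; other lint checkers are ignored
        key = (m["file"], int(m["line"]), m["name"], m["version"])
        ids = findings.setdefault(key, [])
        for cve in CVE.findall(m["cves"]):
            if cve not in ids:
                ids.append(cve)
    return findings


def hidden_cve_stanza(key, cves):
    """Render the Scheme properties field for one package definition."""
    path, line, name, version = key
    quoted = " ".join('"%s"' % c for c in cves)
    return (";; %s:%d %s@%s\n"
            ";; TODO: record why each CVE does not apply before hiding it.\n"
            "(properties '((lint-hidden-cve . (%s))))"
            % (path, line, name, version, quoted))


if __name__ == "__main__":
    for key, cves in parse_lint(SAMPLE).items():
        print(hidden_cve_stanza(key, cves), end="\n\n")
```

If a package already has a `properties` field, the `lint-hidden-cve` entry is merged into that list instead of adding a second field.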




This bug report was last modified 2 years and 114 days ago.
