GNU bug report logs - #76819
[PATCH v7 00/35] Add lint-hidden-cpe-vendors property

Previous Next

Package: guix-patches;

Reported by: Nicolas Graves <ngraves <at> ngraves.fr>

Date: Fri, 7 Mar 2025 18:36:01 UTC

Severity: normal

Tags: patch

Full log

Message #65 received at 76819 <at> debbugs.gnu.org (full text, mbox):

From: Nicolas Graves <ngraves <at> ngraves.fr>
To: 76819 <at> debbugs.gnu.org
Cc: Nicolas Graves <ngraves <at> ngraves.fr>
Subject: [PATCH v7 21/35] gnu: jq: Add lint-hidden-cve property.
Date: Fri,  7 Mar 2025 19:38:50 +0100

* gnu/packages/web.scm (jq)[properties]: Add lint-hidden-cve property.
---
 gnu/packages/web.scm | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/gnu/packages/web.scm b/gnu/packages/web.scm
index 193241bcf3..25436c32ab 100644
--- a/gnu/packages/web.scm
+++ b/gnu/packages/web.scm
@@ -5608,7 +5608,10 @@ (define-public jq
 mangle the data format that you have into the one that you want with very
 little effort, and the program to do so is often shorter and simpler than
 you'd expect.")
-    (license (list license:expat license:cc-by3.0))))
+    (license (list license:expat license:cc-by3.0))
+    ;; Both those CVEs are actually fixed in version 1.7.1.
+    (properties `((lint-hidden-cve . ("CVE-2023-50246"
+                                      "CVE-2023-50268"))))))
 
 (define-public go-github-com-mikefarah-yq-v4
   (package
-- 
2.48.1
This bug report was last modified 99 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.