[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

CVEs missing from the NIST database

From: Ludovic Courtès
Subject: CVEs missing from the NIST database
Date: Fri, 12 Mar 2021 16:31:59 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)

Hi Mark, skribis:

> commit bc16eacc99e801ac30cbe2aa649a2be3ca5c102a
> Author: Mark H Weaver <>
> AuthorDate: Fri Mar 12 05:24:36 2021 -0500
>     gnu: cairo: Fix CVE-2018-19876 and CVE-2020-35492.
>     * gnu/packages/patches/cairo-CVE-2018-19876.patch,
>     gnu/packages/patches/cairo-CVE-2020-35492.patch: New files.
>     * gnu/ (dist_patch_DATA): Add them.
>     * gnu/packages/gtk.scm (cairo)[replacement]: New field.
>     (cairo/fixed): New variable.
>     (cairo-xcb): Use package/inherit.

Since there are lot of CVEs getting fixed in Guix these days (thanks
folks!), I’m trying to see how helpful (guix cve) is for those.

In this case, I noticed that ‘guix lint -c cve cairo’ wouldn’t report
CVE-2020-35492 and found that
<> is 404.

Likewise, this command:

   wget -qO - ""; 
| \
     gunzip | grep CVE-202-35492

turns up nothing.

It could be that this CVE is still “pending” (I think that happens
sometimes).  Do you know more about this one?


reply via email to

[Prev in Thread] Current Thread [Next in Thread]