[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: GNOME Orca 'orca' package mislabeled by 'guix lint -c cve'

From: Ludovic Courtès
Subject: Re: GNOME Orca 'orca' package mislabeled by 'guix lint -c cve'
Date: Mon, 15 Mar 2021 17:42:27 +0100
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/27.1 (gnu/linux)

Hi Léo,

Léo Le Bouter <> skribis:

> Currently CVE-2020-9298 is being wrongly reported by 'guix lint -c cve'
> because vendor is not taken into account, therefore:
> "cpe:2.3:a:spinnaker:orca" also matches.
> Reminder that we need cpe-vendor property as told in <
> I would like to tag the package but currently cannot because cpe-vendor 
> does not exist yet.

As a workaround, you could tag it with ‘lint-hidden-cve’ with an “XXX”
comment explaining the situation.

Thanks for looking into all this!


reply via email to

[Prev in Thread] Current Thread [Next in Thread]