[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
GNOME Orca 'orca' package mislabeled by 'guix lint -c cve'
From: |
Léo Le Bouter |
Subject: |
GNOME Orca 'orca' package mislabeled by 'guix lint -c cve' |
Date: |
Thu, 11 Mar 2021 02:41:24 +0100 |
User-agent: |
Evolution 3.34.2 |
This is GNOME Orca in the CPE database:
https://nvd.nist.gov/products/cpe/detail/660937?namingFormat=2.3&orderBy=CPEURI&keyword=orca&status=FINAL
Currently CVE-2020-9298 is being wrongly reported by 'guix lint -c cve'
because vendor is not taken into account, therefore:
"cpe:2.3:a:spinnaker:orca" also matches.
Reminder that we need cpe-vendor property as told in <
https://issues.guix.gnu.org/40142>.
I would like to tag the package but currently cannot because cpe-vendor
does not exist yet.
signature.asc
Description: This is a digitally signed message part
- GNOME Orca 'orca' package mislabeled by 'guix lint -c cve',
Léo Le Bouter <=