[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: CVEs missing from the NIST database
From: |
Mark H Weaver |
Subject: |
Re: CVEs missing from the NIST database |
Date: |
Wed, 17 Mar 2021 00:15:55 -0400 |
Hi Ludovic,
Ludovic Courtès <ludo@gnu.org> writes:
> Yes, that can happen when the CVE doesn’t list affected versions:
>
> https://www.openwall.com/lists/oss-security/2017/03/15/3
Thank you for pointing out that thread, and for starting it 4 years ago.
I found it illuminating.
> The solution here is to add a ‘lint-hidden-cve’ property to the
> package with a comment explaining why we think these CVEs can be
> ignored (info "(guix) Invoking guix lint").
I've now done so for 'gnome-shell' and 'gvfs'.
Thanks,
Mark