Hi Ludovic, Ludovic Courtès <[email protected]> writes:
> Yes, that can happen when the CVE doesn’t list affected versions: > > https://www.openwall.com/lists/oss-security/2017/03/15/3 Thank you for pointing out that thread, and for starting it 4 years ago. I found it illuminating. > The solution here is to add a ‘lint-hidden-cve’ property to the > package with a comment explaining why we think these CVEs can be > ignored (info "(guix) Invoking guix lint"). I've now done so for 'gnome-shell' and 'gvfs'. Thanks, Mark
