Re: CVEs missing from the NIST database

2021-03-16 Thread Mark H Weaver
Hi Ludovic,

Ludovic Courtès writes:

> Yes, that can happen when the CVE doesn’t list affected versions:
>
> https://www.openwall.com/lists/oss-security/2017/03/15/3

Thank you for pointing out that thread, and for starting it 4 years ago. I found it illuminating.

> The solution here is to add

Re: CVEs missing from the NIST database

2021-03-15 Thread Ludovic Courtès
Hi Mark,

Mark H Weaver writes:

> Ludovic Courtès writes:
>
>> In this case, I noticed that ‘guix lint -c cve cairo’ wouldn’t report
>> CVE-2020-35492 and found that
>> is 404.
>>
>> Likewise, this command:
>>
>>wget -qO -
>> "https://nvd.n

Re: CVEs missing from the NIST database

2021-03-12 Thread Mark H Weaver
Hi Ludovic,

Ludovic Courtès writes:

> In this case, I noticed that ‘guix lint -c cve cairo’ wouldn’t report
> CVE-2020-35492 and found that
> is 404.
>
> Likewise, this command:
>
>wget -qO -
> "https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve

Re: CVEs missing from the NIST database

2021-03-12 Thread Leo Famulari
On Fri, Mar 12, 2021 at 04:31:59PM +0100, Ludovic Courtès wrote:

> It could be that this CVE is still “pending” (I think that happens
> sometimes). Do you know more about this one?

I found some references from other distros:

https://access.redhat.com/security/cve/cve-2020-35492
https://security-

CVEs missing from the NIST database

2021-03-12 Thread Ludovic Courtès
Hi Mark,

guix-comm...@gnu.org writes:

> commit bc16eacc99e801ac30cbe2aa649a2be3ca5c102a
> Author: Mark H Weaver
> AuthorDate: Fri Mar 12 05:24:36 2021 -0500
>
> gnu: cairo: Fix CVE-2018-19876 and CVE-2020-35492.
>
> * gnu/packages/patches/cairo-CVE-2018-19876.patch,
> gnu/packa