bug#47188: "guix lint -c cve" does not account for language prefixes (ru

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47188: "guix lint -c cve" does not account for language prefixes (ru

From:	Léo Le Bouter
Subject:	bug#47188: "guix lint -c cve" does not account for language prefixes (rust-, python-, go-, ..)
Date:	Tue, 16 Mar 2021 10:29:43 +0100
User-agent:	Evolution 3.34.2

./pre-inst-env guix lint -c cve python-urllib3@1.26.2
Here this should return at least CVE-2021-28363 but it does not because
the CVE database contains urllib3 and not python-urllib3 (which AFAICT
the cve linter searches for).

Annotating each and every python-, go-, and rust- package with cpe-name 
properties is going to be very annoying. I suggest we add some
heuristics that try both the full name and prefix-trimmed name. python-
urllib3's cpe name and vendor is python (vendor) urllib3 (name).

Same story for CVE-2021-28305 and rust-diesel, though it doesnt even
have a CPE entry yet.

signature.asc
Description: This is a digitally signed message part

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47188: "guix lint -c cve" does not account for language prefixes (rust-, python-, go-, ..), Léo Le Bouter <=
- bug#47188: "guix lint -c cve" does not account for language prefixes (rust-, python-, go-, ..), zimoun, 2021/03/16
- bug#47188: "guix lint -c cve" does not account for language prefixes (rust-, python-, go-, ..), Ludovic Courtès, 2021/03/18

Prev by Date: bug#47115: Redundant library grafts leads to breakage (was: Failure building grub-img.png when reconfiguring)
Next by Date: bug#47106: Bubblewrap hates Guix containers 😞
Previous by thread: bug#47186: python2 variants made through (package-with-python2 (strip-python2-variant ...)) don't inherit grafts
Next by thread: bug#47188: "guix lint -c cve" does not account for language prefixes (rust-, python-, go-, ..)
Index(es):
- Date
- Thread