--- Begin Message ---
|
Subject: |
[staging PATCH 0/4] Update hdf5. |
|
Date: |
Wed, 22 Mar 2023 13:55:14 +0000 |
Greg Hogan (4):
gnu: hdf5@1.8: Update to 1.8.23.
gnu: hdf5@1.10: Update to 1.10.9.
gnu: hdf5@1.12: Update to 1.12.2.
gnu: Add hdf5@1.14.
gnu/packages/maths.scm | 32 ++++++++++++++++++++++++++------
1 file changed, 26 insertions(+), 6 deletions(-)
--
2.40.0
--- End Message ---
--- Begin Message ---
|
Subject: |
Re: bug#62380: [staging PATCH 0/4] Update hdf5. |
|
Date: |
Thu, 30 Mar 2023 23:27:01 -0400 |
|
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux) |
Hello,
I've installed the series to staging. It seems it could have also been
on the limit to go to master, so in the future feel free to submit for
master.
Something we should look into is hide the (false positive, I assume?)
CVEs reported by guix lint:
--8<---------------cut here---------------start------------->8---
gnu/packages/maths.scm:1390:2: hdf5@1.8.23: probably vulnerable to
CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812
gnu/packages/maths.scm:1515:2: hdf5@1.10.9: probably vulnerable to
CVE-2020-10809, CVE-2020-10810, CVE-2020-10811, CVE-2020-10812
gnu/packages/maths.scm:1535:2: hdf5@1.12.2: probably vulnerable to
CVE-2021-37501
--8<---------------cut here---------------end--------------->8---
This can be done by adding lint-hidden-cve properties, with explanatory
comments.
--
Thanks,
Maxim
--- End Message ---