guix-patches
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#30801] Add opencv


From: Ludovic Courtès
Subject: [bug#30801] Add opencv
Date: Fri, 11 May 2018 14:00:05 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/25.3 (gnu/linux)

Hello!

Björn Höfling <address@hidden> skribis:

> On Thu, 10 May 2018 00:01:13 +0200
> address@hidden (Ludovic Courtès) wrote:

[...]

>> ‘guix lint’ reports this:
>> 
>>   gnu/packages/image-processing.scm:201:2: address@hidden: probably
>> vulnerable to CVE-2018-7712, CVE-2018-7713, CVE-2018-7714
>> 
>> Could you take a look?  It could be that 3.4.2 is around the corner
>> and we’ll just update at that point; if not, we may have to apply
>> upstream patches for these issues.
>
> While finally linting, I noticed these too. OpenCV claims this is not
> an issue:
>
> https://github.com/opencv/opencv/issues/10998
>
> Should we mention it somewhere in the code? Is there a formal process
> to hide or comment specific CVEs?

The developer’s reasoning makes sense to me (IOW, the CVEs should be
against the applications that don’t handle exceptions properly rather
than against OpenCV itself.)

You can use the ‘lint-hidden-cve’ property to explicitly hide them.
Please add a comment with the URL above as well.

Thanks,
Ludo’.





reply via email to

[Prev in Thread] Current Thread [Next in Thread]