|
From: | goodoldpaul |
Subject: | [bug#38687] [PATCH] gnu: Add libtcod. |
Date: | Thu, 06 Feb 2020 20:16:57 +0000 |
User-agent: | Roundcube Webmail |
Hi Marius and Ludo,I managed to remove all vendored libraries except for glad.h which seems to be some kind of generated glue code for loading OpenGL (https://github.com/Dav1dde/glad). In the next two patches I'm adding libtcod and it's dependency lodepng.
Guix lint is warning me that lodepng could be affected by CVE-2019-17178, but taking a look at https://nvd.nist.gov/vuln/detail/CVE-2019-17178 and https://nvd.nist.gov/vuln/search/results?adv_search=true&cpe_version=cpe%3a%2fa%3alodev%3alodepng%3a2019-09-28 seems to indicate that lodepng should be *not* vulnerable since 28/09/2019, did I understand correctly?
Please don't hesitate and tell me if anything should done w.r.t. the CVE.
Thanks for your patience reviewing this, Giacomo
[Prev in Thread] | Current Thread | [Next in Thread] |