[bug#30801] Add opencv

guix-patches

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[bug#30801] Add opencv

From:	Björn Höfling
Subject:	[bug#30801] Add opencv
Date:	Sun, 13 May 2018 01:42:38 +0200

On Fri, 11 May 2018 14:00:05 +0200
address@hidden (Ludovic Courtès) wrote:

> >> ‘guix lint’ reports this:
> >> 
> >>   gnu/packages/image-processing.scm:201:2: address@hidden: probably
> >> vulnerable to CVE-2018-7712, CVE-2018-7713, CVE-2018-7714
> >> 
> >> Could you take a look?  It could be that 3.4.2 is around the corner
> >> and we’ll just update at that point; if not, we may have to apply
> >> upstream patches for these issues.  
> >
> > While finally linting, I noticed these too. OpenCV claims this is
> > not an issue:
> >
> > https://github.com/opencv/opencv/issues/10998
> >
> > Should we mention it somewhere in the code? Is there a formal
> > process to hide or comment specific CVEs?  
> 
> The developer’s reasoning makes sense to me (IOW, the CVEs should be
> against the applications that don’t handle exceptions properly rather
> than against OpenCV itself.)
> 
> You can use the ‘lint-hidden-cve’ property to explicitly hide them.
> Please add a comment with the URL above as well.

I added a new patch including documentation about lint-hidden-cve:

https://debbugs.gnu.org/cgi/bugreport.cgi?bug=31437

Björn

pgpWl0aJkXQ1u.pgp
Description: OpenPGP digital signature

[Prev in Thread]

Current Thread

[Next in Thread]

[bug#30801] Add opencv, Björn Höfling, 2018/05/07
- bug#30801: Add opencv, Ludovic Courtès, 2018/05/09
  - [bug#30801] Add opencv, Björn Höfling, 2018/05/11
    - [bug#30801] Add opencv, Ludovic Courtès, 2018/05/11
    - [bug#30801] Add opencv, Björn Höfling <=

Prev by Date: [bug#31437] [PATCH 2/2] gnu: opencv: Ignore CVEs.
Next by Date: [bug#31416] [PATCH 1/4] system: Add os-with-u-boot.
Previous by thread: [bug#30801] Add opencv
Next by thread: [bug#31381] Drop libmad from MPD
Index(es):
- Date
- Thread