Alex Vong writes: > Severity: important > Tags: patch security > > Hello, > > This patch fixes the latest CVE of catdoc. The upstream repo[0] is not > updated for more than a year, so I grab the patch from openSUSE instead > (which is also used by Debian). Thanks for this, pushed! [...] > (I am re-sending this mail for the 3rd time since I didn't receive a > reply from debbugs. This time I decide to mail to guix-devel as well > just in case it doesn't work again.) No idea what's up with that. Does it work if you omit the debbugs control headers? Perhaps processing is disabled for guix-patches, or something.