From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <guix-devel-bounces+larch=yhetil.org@gnu.org>
Received: from mp0 ([2001:41d0:2:c151::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by ms11 with LMTPS
	id YIpKIBGzS2A2BwAA0tVLHw
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Fri, 12 Mar 2021 18:29:37 +0000
Received: from aspmx2.migadu.com ([2001:41d0:2:c151::])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	by mp0 with LMTPS
	id 6MQdHBGzS2BZEgAA1q6Kng
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	for <larch@yhetil.org>; Fri, 12 Mar 2021 18:29:37 +0000
Received: from lists.gnu.org (lists.gnu.org [209.51.188.17])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by aspmx2.migadu.com (Postfix) with ESMTPS id 1A50C22C85
	for <larch@yhetil.org>; Fri, 12 Mar 2021 19:29:37 +0100 (CET)
Received: from localhost ([::1]:49906 helo=lists1p.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.90_1)
	(envelope-from <guix-devel-bounces+larch=yhetil.org@gnu.org>)
	id 1lKmXY-0006BE-0F
	for larch@yhetil.org; Fri, 12 Mar 2021 13:29:36 -0500
Received: from eggs.gnu.org ([2001:470:142:3::10]:37644)
 by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <leo@famulari.name>) id 1lKlvq-0007Mi-5s
 for guix-devel@gnu.org; Fri, 12 Mar 2021 12:50:40 -0500
Received: from wout3-smtp.messagingengine.com ([64.147.123.19]:33961)
 by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256)
 (Exim 4.90_1) (envelope-from <leo@famulari.name>)
 id 1lKlvh-0003Wl-8L; Fri, 12 Mar 2021 12:50:37 -0500
Received: from compute1.internal (compute1.nyi.internal [10.202.2.41])
 by mailout.west.internal (Postfix) with ESMTP id D2A5A16C0;
 Fri, 12 Mar 2021 12:50:24 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162])
 by compute1.internal (MEProxy); Fri, 12 Mar 2021 12:50:25 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=famulari.name;
 h=date:from:to:cc:subject:message-id:references:mime-version
 :content-type:in-reply-to; s=mesmtp; bh=d493bBIfOvYzlizZTIiWiPLI
 ClRER5PoWERNOJWI2K0=; b=jHJ77lZUK2Wl8kSeeve2DXVscffcP4wcjSxVOrPs
 wEz46ihE4TZ5lppkHOwrZHRxT6YbG5nZJo3a3DKtFc8WLuZmyc8d6MH+J7XdH6GW
 TPVbkLd2dSGRU2xXvkg20KvgjLKKkcXtKA7o4eNloNiBMejJ8t0VCUmy2NypmoNF
 +xY=
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=
 messagingengine.com; h=cc:content-type:date:from:in-reply-to
 :message-id:mime-version:references:subject:to:x-me-proxy
 :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=d493bB
 IfOvYzlizZTIiWiPLIClRER5PoWERNOJWI2K0=; b=KkUawvm04GDXmNL5n6anv6
 aaQ0j0ExsOqUocPiWDRNQqx9T30vt9DYQQ3O7AQyO5PqLhz1cRaJNlwvz3TPYmxh
 wDoNLh8SjkB5AJbDiPsCU06W/S2DY9W3mBNKJyf6WXsGQIrMlsaOcQzajQ9IREI1
 NqTJmPuDWdxOWHH/fW5XyF49ZuV+MxZEup1AI81xcUty8IWYAmPeRmSbb/5980xW
 7+4sCAI2vUyc61+eSFNigREcgrYWxaR/uhv8UhnRB1vmPJ7sGSC6RxeUJluNQqVM
 lBd/PXIoP9tL7mngsKoGx3AzZMwD+GAL3KhI1eetRREfHgcG5HjccxlAtAVLK66Q
 ==
X-ME-Sender: <xms:36lLYGs3uJwMdMkrJfmmCDsMPw__ZPrQWQJs92EotAvDHMtgFJ2PMw>
 <xme:36lLYNclAJka_ElXaRLLY4rLfyXQexyjF4yCBmrfu842hTFJ67R6K0CIol5K0yU18
 eTAKftggdpXnmaLyw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgeduledruddvvddguddthecutefuodetggdotefrod
 ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh
 necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd
 enucfjughrpeffhffvuffkfhggtggujgesghdtreertddtjeenucfhrhhomhepnfgvohcu
 hfgrmhhulhgrrhhiuceolhgvohesfhgrmhhulhgrrhhirdhnrghmvgeqnecuggftrfgrth
 htvghrnhepveduleelteetudduteejgfeuuefggfekteetteegjefgtdejudejhfevieef
 fedvnecuffhomhgrihhnpehrvgguhhgrthdrtghomhdpuggvsghirghnrdhorhhgpdhfrh
 gvvgguvghskhhtohhprdhorhhgnecukfhppedutddtrdduuddrudeiledruddukeenucev
 lhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehlvghosehfrg
 hmuhhlrghrihdrnhgrmhgv
X-ME-Proxy: <xmx:36lLYLLHuANBGXhQMEfyLM5bF5DAb8YPdfcGaQI9R-bPvuuzDUGAag>
 <xmx:36lLYDboU6400a1WydWehpvO4r2Cab0m4ny-FOIhOGO9pMX3dMQZ9A>
 <xmx:36lLYOtPzUOp29cO36V8NTCo61_gNZRbobIMvMuIO91p1ksgcf3bGw>
 <xmx:4KlLYMVpOIulwThKLGZkfOn-RrbuJbIUnrQwFe3RwFywOHLdGyPJdA>
Received: from localhost (pool-100-11-169-118.phlapa.fios.verizon.net
 [100.11.169.118])
 by mail.messagingengine.com (Postfix) with ESMTPA id B9A83240054;
 Fri, 12 Mar 2021 12:50:23 -0500 (EST)
Date: Fri, 12 Mar 2021 12:50:21 -0500
From: Leo Famulari <leo@famulari.name>
To: Ludovic =?iso-8859-1?Q?Court=E8s?= <ludo@gnu.org>
Subject: Re: CVEs missing from the NIST database
Message-ID: <YEup3V/kVCoZ8vtd@jasmine.lan>
References: <20210312110935.16174.44675@vcs0.savannah.gnu.org>
 <20210312110938.317BD20B2E@vcs0.savannah.gnu.org>
 <871rcktmkw.fsf_-_@gnu.org>
MIME-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha256;
 protocol="application/pgp-signature"; boundary="cyte85grEud5cASj"
Content-Disposition: inline
In-Reply-To: <871rcktmkw.fsf_-_@gnu.org>
Received-SPF: pass client-ip=64.147.123.19; envelope-from=leo@famulari.name;
 helo=wout3-smtp.messagingengine.com
X-Spam_score_int: -27
X-Spam_score: -2.8
X-Spam_bar: --
X-Spam_report: (-2.8 / 5.0 requ) BAYES_00=-1.9, DKIM_SIGNED=0.1,
 DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1,
 RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001,
 SPF_HELO_PASS=-0.001, SPF_PASS=-0.001 autolearn=ham autolearn_force=no
X-Spam_action: no action
X-BeenThere: guix-devel@gnu.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: "Development of GNU Guix and the GNU System distribution."
 <guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <https://lists.gnu.org/archive/html/guix-devel>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
 <mailto:guix-devel-request@gnu.org?subject=subscribe>
Cc: guix-devel@gnu.org
Errors-To: guix-devel-bounces+larch=yhetil.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+larch=yhetil.org@gnu.org>
X-Migadu-Flow: FLOW_IN
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org;
	s=key1; t=1615573777;
	h=from:from:sender:sender:reply-to:subject:subject:date:date:
	 message-id:message-id:to:to:cc:cc:mime-version:mime-version:
	 content-type:content-type:in-reply-to:in-reply-to:
	 references:references:list-id:list-help:list-unsubscribe:
	 list-subscribe:list-post:dkim-signature;
	bh=d493bBIfOvYzlizZTIiWiPLIClRER5PoWERNOJWI2K0=;
	b=hwGYvwssSe7GWhVwHKOHM1DtT/+5n999ol7+0/sETlozjBXxOaS05xo5bcb+xlC5Glrpor
	N0cs1udMmzV65XZnfNPTFpBqPQJvgvEr7g7Np4iVDQKqeRgPVZPy/WKPRdObhaP88e/jzM
	ewPer878C3IOKFerH5ldUyYKExpZA2KlqvzDTFGY/O0wiH/yuE4HldJ7Y0/2zT0QVBa8DC
	Y6VQkNQeyAsCRXU1Q7ciOarsfptEJq0TcOsgE0xgFSrNc8P7DQjxb3+JmF06O8G9pLtVZC
	8o0mQVLaBQY5ohWaniqugfLFfVOOC0K7SUCMCYHErM55oO5viJot9HzvIKi2uA==
ARC-Seal: i=1; s=key1; d=yhetil.org; t=1615573777; a=rsa-sha256; cv=none;
	b=aWiPWayyCJCmp2UfJ1+eOwDNjK7PoWyXBSPQB7QCbDBmyyRn7JsLH+jaobi7qLLKPUClwc
	xKfwS3Bbz7YG2lhaRyc7TRr6OSVNvoSHy6pVme/3SJCyWP6r/NvkOcLNgDO5uh2R6qhccO
	AnbswjAi5UptpOjQpCaGzqYYauM2nNLX8Nuy12sAsBaOdadkvHPKRQ81HGcXo5NjVrTfxT
	g4i2hhZIMeMInRb6R46BetcYnf+IUDAF1YscgcWoRKr0RzHcyjGt6J1sft7XImrhqftWzP
	yqv1lUbFWWmKbTqk2ZkFYH/VYhXTtnuve/Rv2WpmJLQlhUVV8rmGOe1XXoz7rQ==
ARC-Authentication-Results: i=1;
	aspmx2.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=famulari.name header.s=mesmtp header.b=jHJ77lZU;
	dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm2 header.b=KkUawvm0;
	dmarc=none;
	spf=pass (aspmx2.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org
X-Migadu-Spam-Score: -3.49
Authentication-Results: aspmx2.migadu.com;
	dkim=fail ("headers rsa verify failed") header.d=famulari.name header.s=mesmtp header.b=jHJ77lZU;
	dkim=fail ("headers rsa verify failed") header.d=messagingengine.com header.s=fm2 header.b=KkUawvm0;
	dmarc=none;
	spf=pass (aspmx2.migadu.com: domain of guix-devel-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-devel-bounces@gnu.org
X-Migadu-Queue-Id: 1A50C22C85
X-Spam-Score: -3.49
X-Migadu-Scanner: scn0.migadu.com
X-TUID: adFUpeu9Jr43


--cyte85grEud5cASj
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Mar 12, 2021 at 04:31:59PM +0100, Ludovic Court=C3=A8s wrote:
> It could be that this CVE is still =E2=80=9Cpending=E2=80=9D (I think tha=
t happens
> sometimes).  Do you know more about this one?

I found some references from other distros:

https://access.redhat.com/security/cve/cve-2020-35492
https://security-tracker.debian.org/tracker/CVE-2020-35492

=2E.. and the upstream bug report:

https://gitlab.freedesktop.org/cairo/cairo/-/issues/437

My impression of the process around reporting and registering CVE IDs is
that it's somewhat decentralized now, so there can be lack of
coordination between reporters and "canonical" authorities like NIST.

--cyte85grEud5cASj
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQIzBAABCAAdFiEEsFFZSPHn08G5gDigJkb6MLrKfwgFAmBLqdYACgkQJkb6MLrK
fwj5YhAA6+69CxoiDBhl2Z8ubRd5PlEv28WzU2k0yKCnwU1bNxZfjhrC5QkEwDzu
imX4xR1A9x8L+hF7DYRPevbAPD9rMqY6tD7XXJXDj+MnXbZ2UOT28/P8yUuhfHFw
y6aQIKexRtaKXqKicskVqPmRyiGacu+dzOObbJgu8521nUYqCF6pgzAz+RArpUYy
vF9UiNilK9suY++68NvOJxOd4w8ElwGuzvm6+JZ26/rvTh/hjnSSlHyJXOIlzwfZ
uH9uITP8Y6NnuLG0Nh8zm0nuqWXff6EUB1jV1TanxvzJ0ag5QlJnluIqTb+MAiD2
FOEE3AwFtUh5uACSZttIKOR4phqA7khS2YkOSYtL8YupRiFS2L9QgietjtWk+L8X
yhmOow5ixD9NEn5QCkj1E2wNdaDUUzRWu75lBXuLF5y1FjnL9TJhRwSirEvVX1VD
tteYrTru1nC9T18aXMOOuwS8wggpU3mqjb555nW7f1dMExn37YsB/DuNi/rFVk9p
bU3ceXvjPSb5MJXi7mK6mbAWYUSzmKxv5MkoFYGFeJEVpCCS376yRq5v+1IGuF3N
pvOk10LS6u7g9bllWs+bHeq3zA7KFXtpMGVpsueKmhNisOEJRE/p7NtUCLaKoMhV
5H3NjLAxMxyQT08Xgoria1DyQmafBwbC3Le0gscmGUeEVjdczgc=
=mcNL
-----END PGP SIGNATURE-----

--cyte85grEud5cASj--