On Sat, Nov 05, 2016 at 10:53:57AM +0000, Marius Bakke wrote:
> Leo Famulari writes:
>
> > * gnu/packages/patches/weex-CVE-2005-3150.patch: New file.
> > * gnu/local.mk (dist_patch_DATA): Add it.
> > * gnu/packages/ftp.scm (weex)[source]: Use it.
>
> Wow, an 11 year-old CVE. There is a 2.8.0 release of weex from last year
> on http://weex.sf.net, is that still affected? We have 2.6.15.

And a 2.8.2 release! Updating is a better idea; I didn't realize it was
an option.

Done as 2d125a9b21306919e6123f76c0970988b14dadcf

If your to-do list needs more entries, you can try increasing the values
of 'past-years' and 'past-ttls' in (guix cve).