On Thu, 10 May 2018 00:01:13 +0200
ludo@gnu.org (Ludovic Courtès) wrote:


> > * gnu/packages/image-processing.scm (opencv): New variable.  
> 
> Applied!

Thanks.
 
> ‘guix lint’ reports this:
> 
>   gnu/packages/image-processing.scm:201:2: opencv@3.4.1: probably
> vulnerable to CVE-2018-7712, CVE-2018-7713, CVE-2018-7714
> 
> Could you take a look?  It could be that 3.4.2 is around the corner
> and we’ll just update at that point; if not, we may have to apply
> upstream patches for these issues.

While finally linting, I noticed these too. OpenCV claims this is not
an issue:

https://github.com/opencv/opencv/issues/10998

Should we mention it somewhere in the code? Is there a formal process
to hide or comment specific CVEs?


Björn