l...@gnu.org (Ludovic Courtès) skribis:

> gnu/packages/gcc.scm:324:2: gcc-4.9.3: probably vulnerable to CVE-2015-5276
> gnu/packages/image.scm:708:2: jasper-1.900.1: probably vulnerable to 
> CVE-2008-3522
> gnu/packages/pulseaudio.scm:44:2: libsndfile-1.0.25: probably vulnerable to 
> CVE-2015-7805
> gnu/packages/xml.scm:64:2: libxml2-2.9.2: probably vulnerable to 
> CVE-2015-7941, CVE-2015-7942
> gnu/packages/xml.scm:144:2: libxslt-1.1.28: probably vulnerable to 
> CVE-2015-7995

Interestingly, the GCC and libxslt ones are no longer visible at
<https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz>.
I wonder if there’s an eviction policy, but I don’t see it mentioned.

Ideas?

Ludo’.

Reply via email to