l...@gnu.org (Ludovic Courtès) skribis: > gnu/packages/gcc.scm:324:2: gcc-4.9.3: probably vulnerable to CVE-2015-5276 > gnu/packages/image.scm:708:2: jasper-1.900.1: probably vulnerable to > CVE-2008-3522 > gnu/packages/pulseaudio.scm:44:2: libsndfile-1.0.25: probably vulnerable to > CVE-2015-7805 > gnu/packages/xml.scm:64:2: libxml2-2.9.2: probably vulnerable to > CVE-2015-7941, CVE-2015-7942 > gnu/packages/xml.scm:144:2: libxslt-1.1.28: probably vulnerable to > CVE-2015-7995
Interestingly, the GCC and libxslt ones are no longer visible at <https://nvd.nist.gov/feeds/xml/cve/nvdcve-2.0-Modified.xml.gz>. I wonder if there’s an eviction policy, but I don’t see it mentioned. Ideas? Ludo’.