Closed raboof closed 8 months ago
Running the local scanner on the testcase at https://github.com/Nix-Security-WG/nix-security-tracker/tree/c35f957fc02b101ee06eb5096d7f05cd87e539d73be45b19d4b97520173c48defa4c6747156d6dcf, it reports CVE-2021-32490 in djvulibre.
This is a false positive, because nixpkgs contains a patch for this issue.
So likely we should fix this with #75.
Fixed with aac2c10.