libplist: mark as insecure

Patches currently available don't seem to apply.
This commit is contained in:
Graham Christensen 2017-02-22 21:09:14 -05:00
parent a9c875fc2e
commit 30cea5f022
No known key found for this signature in database
GPG Key ID: 06121D366FE9435C

View File

@ -28,5 +28,12 @@ in stdenv.mkDerivation rec {
homepage = http://github.com/JonathanBeck/libplist;
platforms = stdenv.lib.platforms.all;
maintainers = [ stdenv.lib.maintainers.urkud ];
knownVulnerabilities = [
"CVE-2017-5209: base64decode function in base64.c allows attackers to obtain sensitive information from process memory or cause a denial of service"
"CVE-2017-5545: attackers to obtain sensitive information from process memory or cause a denial of service"
"CVE-2017-5834: A heap-buffer overflow in parse_dict_node"
"CVE-2017-5835: A memory allocation error leading to DoS"
"CVE-2017-5836: A type inconsistency in bplist.c"
];
};
}