rssh: mark as insecure

There seems to be a consensus among many packagers that RSSH is
probably no longer a good idea. There are a few fixes for some of the
issues but people should move on and use other software these days.

Removing it from further (stable) releases is probably a good idea. If
someone really needs it we still have it in the tree and they can
whitelist it again.
This commit is contained in:
Andreas Rammhold 2019-03-20 14:30:49 +01:00
parent de0612c46c
commit 8ff37d9c45
No known key found for this signature in database
GPG Key ID: E432E410B5E48C86

View File

@ -84,6 +84,11 @@ stdenv.mkDerivation rec {
license = licenses.bsd2;
platforms = platforms.linux;
maintainers = with maintainers; [ arobyn ];
knownVulnerabilities = [
"CVE-2019-1000018"
"CVE-2019-3463"
"CVE-2019-3464"
];
};
passthru = {