From a0d335ff39c4280456b293fb83582d7a0cc6b939 Mon Sep 17 00:00:00 2001 From: c0bw3b Date: Sun, 17 Nov 2019 21:43:52 +0100 Subject: [PATCH] jasper: mark as vulnerable Many memory issues remain unfixed or partially fixed: CVE-2018-18873 CVE-2018-19539 CVE-2018-19540 CVE-2018-19541 CVE-2018-9252 CVE-2018-19542 CVE-2018-19543 CVE-2018-20570 CVE-2018-20584 CVE-2018-20622 CVE-2018-9252 Debian/Ubuntu, OpenSuSE and Gentoo removed it entirely. See: https://github.com/mdadams/jasper/issues/208 --- pkgs/development/libraries/jasper/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/development/libraries/jasper/default.nix b/pkgs/development/libraries/jasper/default.nix index 1bad3394b6ac..093fd0c5f28a 100644 --- a/pkgs/development/libraries/jasper/default.nix +++ b/pkgs/development/libraries/jasper/default.nix @@ -42,5 +42,10 @@ stdenv.mkDerivation rec { platforms = platforms.unix; license = licenses.jasper; maintainers = with maintainers; [ pSub ]; + knownVulnerabilities = [ + "Numerous CVE unsolved upstream" + "See: https://github.com/NixOS/nixpkgs/pull/57681#issuecomment-475857499" + "See: https://github.com/mdadams/jasper/issues/208" + ]; }; }