JakeHillion/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

jasper: mark as vulnerable

Browse Source 
Many memory issues remain unfixed or partially fixed:
CVE-2018-18873 CVE-2018-19539 CVE-2018-19540 CVE-2018-19541
CVE-2018-9252 CVE-2018-19542 CVE-2018-19543 CVE-2018-20570
CVE-2018-20584 CVE-2018-20622 CVE-2018-9252

Debian/Ubuntu, OpenSuSE and Gentoo removed it entirely. See:
https://github.com/mdadams/jasper/issues/208
This commit is contained in:
c0bw3b 2019-11-17 21:43:52 +01:00
parent 9a48332935
commit a0d335ff39
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
pkgs/development/libraries/jasper/default.nix
View File

@ -42,5 +42,10 @@ stdenv.mkDerivation rec {
platforms = platforms.unix; platforms = platforms.unix;
license = licenses.jasper; license = licenses.jasper;
maintainers = with maintainers; [ pSub ]; maintainers = with maintainers; [ pSub ];
knownVulnerabilities = [
"Numerous CVE unsolved upstream"
"See: https://github.com/NixOS/nixpkgs/pull/57681#issuecomment-475857499"
"See: https://github.com/mdadams/jasper/issues/208"
];
}; };
} }