batik: mark as insecure

The package hasn't been updated in a long time. There have been several issues with the package. There is no dependant package in the repository so marking it as insecure until someone maintains it sounds reasonable.
2018-10-16 00:16:17 +02:00
parent 6ad3088b12
commit 1103b3fbe6
1 changed files with 6 additions and 0 deletions
--- a/pkgs/applications/graphics/batik/default.nix
+++ b/pkgs/applications/graphics/batik/default.nix
@@ -15,5 +15,11 @@ stdenv.mkDerivation {
    homepage = https://xmlgraphics.apache.org/batik;
    license = licenses.asl20;
    platforms = platforms.unix;
+    knownVulnerabilities = [
+      # vulnerabilities as of 16th October 2018 from https://xmlgraphics.apache.org/security.html:
+      "CVE-2018-8013"
+      "CVE-2017-5662"
+      "CVE-2015-0250"
+    ];
  };
 }