From 1103b3fbe6e7349a1f95e7eb2f6f17af8210ab6e Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Tue, 16 Oct 2018 00:16:17 +0200 Subject: [PATCH] batik: mark as insecure The package hasn't been updated in a long time. There have been several issues with the package. There is no dependant package in the repository so marking it as insecure until someone maintains it sounds reasonable. --- pkgs/applications/graphics/batik/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/pkgs/applications/graphics/batik/default.nix b/pkgs/applications/graphics/batik/default.nix index 4032e2e3fee..51156dea4a1 100644 --- a/pkgs/applications/graphics/batik/default.nix +++ b/pkgs/applications/graphics/batik/default.nix @@ -15,5 +15,11 @@ stdenv.mkDerivation { homepage = https://xmlgraphics.apache.org/batik; license = licenses.asl20; platforms = platforms.unix; + knownVulnerabilities = [ + # vulnerabilities as of 16th October 2018 from https://xmlgraphics.apache.org/security.html: + "CVE-2018-8013" + "CVE-2017-5662" + "CVE-2015-0250" + ]; }; }