From c6e08579c503a8d0d3790bd32d229c93877333d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Robert=20Sch=C3=BCtz?=
Date: Wed, 30 Jan 2019 23:57:50 +0100
Subject: [PATCH] python.pkgs.django_1_8: mark as insecure (#54937)

Since CVE-2018-14574 and CVE-2019-3498 affect 1.11, it is very likely they also apply to 1.8. However, Django 1.8 has reached EOL in April 2018 and the patches were not backported.
---
 pkgs/development/python-modules/django/1_8.nix | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/pkgs/development/python-modules/django/1_8.nix b/pkgs/development/python-modules/django/1_8.nix
index 30d75e73c68..ee2408f7340 100644
--- a/pkgs/development/python-modules/django/1_8.nix
+++ b/pkgs/development/python-modules/django/1_8.nix
@@ -25,6 +25,11 @@ buildPythonPackage rec {
 description = "A high-level Python Web framework";
 homepage = https://www.djangoproject.com/;
 license = licenses.bsd0;
+ knownVulnerabilities = [
+ # The patches were not backported due to Django 1.8 having reached EOL
+ https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
+ https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
+ ];
 };
 }
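Review bot: The new `knownVulnerabilities` list holds only two advisory URLs, so the "known issues" text shown when evaluation refuses the package names neither CVE from the commit message. The EOL rationale sits in a Nix comment, which is never displayed to the person deciding whether to add the package to `permittedInsecurePackages`. I would put that information in a string entry ahead of the links, for example `"CVE-2018-14574 and CVE-2019-3498 likely apply; Django 1.8 is EOL and received no backports"`, which keeps the hedge from the commit message, since applicability to 1.8 is inferred rather than confirmed. Quoting the two URLs as ordinary strings would also make the list uniform, though the unquoted form matches the existing `homepage` line. The attribute set these lines belong to opens above the hunk.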