Skip to content

Commit

Permalink
jasper: mark as vulnerable
Browse files Browse the repository at this point in the history 
Many memory issues remain unfixed or partially fixed:
CVE-2018-18873 CVE-2018-19539 CVE-2018-19540 CVE-2018-19541
CVE-2018-9252 CVE-2018-19542 CVE-2018-19543 CVE-2018-20570
CVE-2018-20584 CVE-2018-20622 CVE-2018-9252

Debian/Ubuntu, OpenSuSE and Gentoo removed it entirely. See:
jasper-software/jasper#208
  • Loading branch information
@c0bw3b
c0bw3b committed Nov 20, 2019
1 parent 9a48332 commit a0d335f
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions pkgs/development/libraries/jasper/default.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -42,5 +42,10 @@ stdenv.mkDerivation rec {
platforms = platforms.unix;
license = licenses.jasper;
maintainers = with maintainers; [ pSub ];
knownVulnerabilities = [
"Numerous CVE unsolved upstream"
"See: https://github.com/NixOS/nixpkgs/pull/57681#issuecomment-475857499"
"See: https://github.com/mdadams/jasper/issues/208"
];
};
}

0 comments on commit a0d335f

Please sign in to comment.