colin/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

libplist: mark as insecure

Browse Source 
Patches currently available don't seem to apply.
This commit is contained in:
Graham Christensen 2017-02-22 21:09:14 -05:00
parent a9c875fc2e
commit 30cea5f022
No known key found for this signature in database
GPG Key ID: 06121D366FE9435C
1 changed files with 7 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
pkgs/development/libraries/libplist/default.nix
View File

@ -28,5 +28,12 @@ in stdenv.mkDerivation rec {
homepage = http://github.com/JonathanBeck/libplist;
platforms = stdenv.lib.platforms.all;
maintainers = [ stdenv.lib.maintainers.urkud ];
knownVulnerabilities = [
"CVE-2017-5209: base64decode function in base64.c allows attackers to obtain sensitive information from process memory or cause a denial of service"
"CVE-2017-5545: attackers to obtain sensitive information from process memory or cause a denial of service"
"CVE-2017-5834: A heap-buffer overflow in parse_dict_node"
"CVE-2017-5835: A memory allocation error leading to DoS"
"CVE-2017-5836: A type inconsistency in bplist.c"
];
};
}