Merge pull request #151124 from iblech/patch-tightvnc-cve

tightvnc: mark as insecure (fixes #150704)
2021-12-17 21:56:38 +00:00 · 2021-12-17 21:56:38 +00:00 · 7cb82ec614
commit 7cb82ec614
parent 7de40c4783 034d277c6e
1 changed files with 4 additions and 0 deletions
--- a/pkgs/tools/admin/tightvnc/default.nix
+++ b/pkgs/tools/admin/tightvnc/default.nix
@ -82,5 +82,9 @@ stdenv.mkDerivation rec {

    maintainers = [];
    platforms = lib.platforms.unix;
+
+    knownVulnerabilities = [ "CVE-2021-42785" ];
+    # Unfortunately, upstream doesn't maintain the 1.3 branch anymore, and the
+    # new 2.x branch is substantially different (requiring either Windows or Java)
  };
 }