From 2de41666301f3e370c7b6ed736d0a1f5238d7122 Mon Sep 17 00:00:00 2001 From: Robert Scott Date: Wed, 4 Jan 2023 22:36:27 +0000 Subject: [PATCH] openimageio_1: add many knownVulnerabilties --- .../graphics/openimageio/default.nix | 29 +++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/pkgs/applications/graphics/openimageio/default.nix b/pkgs/applications/graphics/openimageio/default.nix index e5262ab98d0a..62dd3f4cc2c9 100644 --- a/pkgs/applications/graphics/openimageio/default.nix +++ b/pkgs/applications/graphics/openimageio/default.nix @@ -44,5 +44,34 @@ stdenv.mkDerivation rec { license = licenses.bsd3; maintainers = [ maintainers.goibhniu ]; platforms = platforms.unix; + knownVulnerabilities = [ + # all discovered in 2.x but there is no reason to + # believe that these or similar vulnerabilties aren't + # present in the totally unmaintained 1.x branch + "CVE-2022-36354" + "CVE-2022-38143" + "CVE-2022-41639" + "CVE-2022-41649" + "CVE-2022-41684" + "CVE-2022-41794" + "CVE-2022-41837" + "CVE-2022-41838" + "CVE-2022-41977" + "CVE-2022-41981" + "CVE-2022-41988" + "CVE-2022-41999" + "CVE-2022-43592" + "CVE-2022-43593" + "CVE-2022-43594" + "CVE-2022-43595" + "CVE-2022-43596" + "CVE-2022-43597" + "CVE-2022-43598" + "CVE-2022-43599" + "CVE-2022-43600" + "CVE-2022-43601" + "CVE-2022-43602" + "CVE-2022-43603" + ]; }; }