Merge pull request #123463 from ninjin/julia_10-bin-cve

julia: mark julia_10-bin as insecure
2025-02-01 17:53:14 +00:00 · 2021-05-18 12:03:25 +00:00 · 2021-05-18 12:03:25 +00:00 · 9f67421fe8
commit 9f67421fe8
parent 614e22f8d2 61b8bf948e
1 changed files with 8 additions and 0 deletions
--- a/pkgs/development/compilers/julia/1.0-bin.nix
+++ b/pkgs/development/compilers/julia/1.0-bin.nix
@ -68,5 +68,13 @@ stdenv.mkDerivation rec {
    license = lib.licenses.gpl2Plus;
    maintainers = with lib.maintainers; [ ninjin raskin ];
    platforms = [ "x86_64-linux" ];
+    knownVulnerabilities = [
+      # Built with libgit2 v0.27.2:
+      #   https://github.com/JuliaLang/julia/blob/e0837d1e64a9e4d17534a9f981e9a2a3f221356f/deps/libgit2.version
+      # https://nvd.nist.gov/vuln/detail/CVE-2020-12278
+      "CVE-2020-12278"
+      # https://nvd.nist.gov/vuln/detail/CVE-2020-12279
+      "CVE-2020-12279"
+    ];
  };
 }