From 8ff37d9c45468951f18e0c5dc4d456c9f85817dd Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Wed, 20 Mar 2019 14:30:49 +0100 Subject: [PATCH] rssh: mark as insecure There seems to be a consensus among many packagers that RSSH is probably no longer a good idea. There are a few fixes for some of the issues but people should move on and use other software these days. Removing it from further (stable) releases is probably a good idea. If someone really needs it we still have it in the tree and they can whitelist it again. --- pkgs/shells/rssh/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/pkgs/shells/rssh/default.nix b/pkgs/shells/rssh/default.nix index c58fda28db05..d061c888f60a 100644 --- a/pkgs/shells/rssh/default.nix +++ b/pkgs/shells/rssh/default.nix @@ -84,6 +84,11 @@ stdenv.mkDerivation rec { license = licenses.bsd2; platforms = platforms.linux; maintainers = with maintainers; [ arobyn ]; + knownVulnerabilities = [ + "CVE-2019-1000018" + "CVE-2019-3463" + "CVE-2019-3464" + ]; }; passthru = {