alioth/nixpkgs
3
0
Fork 0
forked from mirrors/nixpkgs
Code Releases Activity

libplist: mark as insecure

Browse source 
Patches currently available don't seem to apply.
This commit is contained in:
Graham Christensen 2017-02-22 21:09:14 -05:00
parent 38771badd3
commit c8859b7264
No known key found for this signature in database
GPG key ID: 06121D366FE9435C
1 changed files with 7 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
pkgs/development/libraries/libplist/default.nix
View file

@ -28,5 +28,12 @@ in stdenv.mkDerivation rec {
homepage = http://github.com/JonathanBeck/libplist;
platforms = stdenv.lib.platforms.all;
maintainers = [ stdenv.lib.maintainers.urkud ];
knownVulnerabilities = [
"CVE-2017-5209: base64decode function in base64.c allows attackers to obtain sensitive information from process memory or cause a denial of service"
"CVE-2017-5545: attackers to obtain sensitive information from process memory or cause a denial of service"
"CVE-2017-5834: A heap-buffer overflow in parse_dict_node"
"CVE-2017-5835: A memory allocation error leading to DoS"
"CVE-2017-5836: A type inconsistency in bplist.c"
];
};
}