diff options
author | Scott Worley <scottworley@scottworley.com> | 2021-12-23 15:05:51 -0800 |
---|---|---|
committer | Scott Worley <scottworley@scottworley.com> | 2022-01-02 15:31:55 -0800 |
commit | 920c5cd2b4993e245e5fd32ba9648a2bef54afbe (patch) | |
tree | a9e13ced2e9b302f4807e4d1014bac804cdf2b52 /pkgs/applications/graphics/opentoonz | |
parent | a20e31bf09daf629f36c6b773044663d04d6c536 (diff) |
opentoonz-libtiff: Note knownVulnerabilities
Diffstat (limited to 'pkgs/applications/graphics/opentoonz')
-rw-r--r-- | pkgs/applications/graphics/opentoonz/libtiff.nix | 17 |
1 files changed, 17 insertions, 0 deletions
diff --git a/pkgs/applications/graphics/opentoonz/libtiff.nix b/pkgs/applications/graphics/opentoonz/libtiff.nix index 4ab6a44a39b35..43ba1592ccc2d 100644 --- a/pkgs/applications/graphics/opentoonz/libtiff.nix +++ b/pkgs/applications/graphics/opentoonz/libtiff.nix @@ -34,6 +34,23 @@ in stdenv.mkDerivation { ''; meta = libtiff.meta // { + knownVulnerabilities = ['' + Do not open untrusted files with Opentoonz: + Opentoonz uses an old custom fork of tibtiff from 2012 that is known to + be affected by at least these 50 vulnerabilities: + CVE-2012-4564 CVE-2013-4232 CVE-2013-4243 CVE-2013-4244 CVE-2014-8127 + CVE-2014-8128 CVE-2014-8129 CVE-2014-8130 CVE-2014-9330 CVE-2015-1547 + CVE-2015-8781 CVE-2015-8782 CVE-2015-8783 CVE-2015-8784 CVE-2015-8870 + CVE-2016-3620 CVE-2016-3621 CVE-2016-3623 CVE-2016-3624 CVE-2016-3625 + CVE-2016-3631 CVE-2016-3632 CVE-2016-3633 CVE-2016-3634 CVE-2016-3658 + CVE-2016-3945 CVE-2016-3990 CVE-2016-3991 CVE-2016-5102 CVE-2016-5314 + CVE-2016-5315 CVE-2016-5316 CVE-2016-5318 CVE-2016-5319 CVE-2016-5321 + CVE-2016-5322 CVE-2016-5323 CVE-2016-6223 CVE-2016-9453 CVE-2016-9532 + CVE-2017-9935 CVE-2017-9937 CVE-2018-10963 CVE-2018-5360 + CVE-2019-14973 CVE-2019-17546 CVE-2020-35521 CVE-2020-35522 + CVE-2020-35523 CVE-2020-35524 + More info at https://github.com/opentoonz/opentoonz/issues/4193 + '']; maintainers = with lib.maintainers; [ chkno ]; }; } |