openimageio_1: add many knownVulnerabilties

author: Robert Scott <code@humanleg.org.uk> 2023-01-04 22:36:27 +0000
committer: Robert Scott <code@humanleg.org.uk> 2023-01-05 20:26:49 +0000
commit: 2de41666301f3e370c7b6ed736d0a1f5238d7122 (patch)
tree: 0dc33232bfcada9f7569217c84c995507c8f79ed /pkgs/applications/graphics
parent: a1deb65b097b841f0a9f70198617277a3ca9c250 (diff)
1 files changed, 29 insertions, 0 deletions
diff --git a/pkgs/applications/graphics/openimageio/default.nix b/pkgs/applications/graphics/openimageio/default.nix
index e5262ab98d0a9..62dd3f4cc2c92 100644
--- a/pkgs/applications/graphics/openimageio/default.nix
+++ b/pkgs/applications/graphics/openimageio/default.nix
@@ -44,5 +44,34 @@ stdenv.mkDerivation rec {
     license = licenses.bsd3;
     maintainers = [ maintainers.goibhniu ];
     platforms = platforms.unix;
+    knownVulnerabilities = [
+      # all discovered in 2.x but there is no reason to
+      # believe that these or similar vulnerabilties aren't
+      # present in the totally unmaintained 1.x branch
+      "CVE-2022-36354"
+      "CVE-2022-38143"
+      "CVE-2022-41639"
+      "CVE-2022-41649"
+      "CVE-2022-41684"
+      "CVE-2022-41794"
+      "CVE-2022-41837"
+      "CVE-2022-41838"
+      "CVE-2022-41977"
+      "CVE-2022-41981"
+      "CVE-2022-41988"
+      "CVE-2022-41999"
+      "CVE-2022-43592"
+      "CVE-2022-43593"
+      "CVE-2022-43594"
+      "CVE-2022-43595"
+      "CVE-2022-43596"
+      "CVE-2022-43597"
+      "CVE-2022-43598"
+      "CVE-2022-43599"
+      "CVE-2022-43600"
+      "CVE-2022-43601"
+      "CVE-2022-43602"
+      "CVE-2022-43603"
+    ];
   };
 }
author	Robert Scott <code@humanleg.org.uk>	2023-01-04 22:36:27 +0000
committer	Robert Scott <code@humanleg.org.uk>	2023-01-05 20:26:49 +0000
commit	2de41666301f3e370c7b6ed736d0a1f5238d7122 (patch)
tree	0dc33232bfcada9f7569217c84c995507c8f79ed /pkgs/applications/graphics
parent	a1deb65b097b841f0a9f70198617277a3ca9c250 (diff)