From dddf103e809579a24346098f49fc9530454a492d Mon Sep 17 00:00:00 2001
From: Pierre Bourdon <delroth@gmail.com>
Date: Sat, 30 Sep 2023 17:29:34 +0200
Subject: armcord,mailspring: mark as insecure (CVE-2023-4863)

See #254798. Upstream has not provided any update for this critical
vulnerability in > 2 weeks. These programs are also likely vulnerable to
many more old vulnerabilities due to using EOL versions of Electron.
---
 pkgs/applications/networking/instant-messengers/armcord/default.nix | 1 +
 1 file changed, 1 insertion(+)

(limited to 'pkgs/applications/networking/instant-messengers/armcord/default.nix')

diff --git a/pkgs/applications/networking/instant-messengers/armcord/default.nix b/pkgs/applications/networking/instant-messengers/armcord/default.nix
index 1f0d01b6f905f..1c7342c143df3 100644
--- a/pkgs/applications/networking/instant-messengers/armcord/default.nix
+++ b/pkgs/applications/networking/instant-messengers/armcord/default.nix
@@ -138,5 +138,6 @@ stdenv.mkDerivation rec {
     maintainers = with maintainers; [ ludovicopiero wrmilling ];
     platforms = [ "x86_64-linux" "aarch64-linux" ];
     mainProgram = "armcord";
+    knownVulnerabilities = [ "CVE-2023-4863" ];
   };
 }
-- 
cgit 1.4.1