diff options
author | Robert Schütz <rschuetz17@gmail.com> | 2019-01-30 23:57:50 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-30 23:57:50 +0100 |
commit | c6e08579c503a8d0d3790bd32d229c93877333d6 (patch) | |
tree | 311697384bfa24af2e397a6fca60ce8f29f67d8f | |
parent | 30c312341fbe435349f364fcd306a12c28fcde8d (diff) | |
download | nixpkgs-c6e08579c503a8d0d3790bd32d229c93877333d6.tar nixpkgs-c6e08579c503a8d0d3790bd32d229c93877333d6.tar.gz nixpkgs-c6e08579c503a8d0d3790bd32d229c93877333d6.tar.bz2 nixpkgs-c6e08579c503a8d0d3790bd32d229c93877333d6.tar.lz nixpkgs-c6e08579c503a8d0d3790bd32d229c93877333d6.tar.xz nixpkgs-c6e08579c503a8d0d3790bd32d229c93877333d6.tar.zst nixpkgs-c6e08579c503a8d0d3790bd32d229c93877333d6.zip |
python.pkgs.django_1_8: mark as insecure (#54937)
Since CVE-2018-14574 and CVE-2019-3498 affect 1.11, it is very likely they also apply to 1.8. However, Django 1.8 has reached EOL in April 2018 and the patches were not backported.
-rw-r--r-- | pkgs/development/python-modules/django/1_8.nix | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/pkgs/development/python-modules/django/1_8.nix b/pkgs/development/python-modules/django/1_8.nix index 30d75e73c68..ee2408f7340 100644 --- a/pkgs/development/python-modules/django/1_8.nix +++ b/pkgs/development/python-modules/django/1_8.nix @@ -25,6 +25,11 @@ buildPythonPackage rec { description = "A high-level Python Web framework"; homepage = https://www.djangoproject.com/; license = licenses.bsd0; + knownVulnerabilities = [ + # The patches were not backported due to Django 1.8 having reached EOL + https://www.djangoproject.com/weblog/2018/aug/01/security-releases/ + https://www.djangoproject.com/weblog/2019/jan/04/security-releases/ + ]; }; } |