authorRobert Schütz <rschuetz17@gmail.com>2019-01-30 23:57:50 +0100
committerGitHub <noreply@github.com>2019-01-30 23:57:50 +0100
commitc6e08579c503a8d0d3790bd32d229c93877333d6 (patch)
tree311697384bfa24af2e397a6fca60ce8f29f67d8f
parent30c312341fbe435349f364fcd306a12c28fcde8d (diff)
python.pkgs.django_1_8: mark as insecure (#54937)
Since CVE-2018-14574 and CVE-2019-3498 affect 1.11, it is very likely
they also apply to 1.8. However, Django 1.8 reached EOL in April
2018 and the patches were not backported.
-rw-r--r--pkgs/development/python-modules/django/1_8.nix5
1 files changed, 5 insertions, 0 deletions
diff --git a/pkgs/development/python-modules/django/1_8.nix b/pkgs/development/python-modules/django/1_8.nix
index 30d75e73c68..ee2408f7340 100644
--- a/pkgs/development/python-modules/django/1_8.nix
+++ b/pkgs/development/python-modules/django/1_8.nix
@@ -25,6 +25,11 @@ buildPythonPackage rec {
     description = "A high-level Python Web framework";
     homepage = https://www.djangoproject.com/;
     license = licenses.bsd0;
+    knownVulnerabilities = [
+      # The patches were not backported due to Django 1.8 having reached EOL
+      https://www.djangoproject.com/weblog/2018/aug/01/security-releases/
+      https://www.djangoproject.com/weblog/2019/jan/04/security-releases/
+    ];
   };
 
 }
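Review bot: The two `knownVulnerabilities` entries are bare advisory URLs, so the refusal message a user sees when evaluating this package names neither the CVEs nor the EOL status, and the only explanation is a Nix comment that never reaches that message. Anyone deciding whether to add the package to `permittedInsecurePackages` has to follow the links to learn what they are accepting. Consider quoted strings that carry the identifiers from the commit message and keep its hedge, e.g. `"CVE-2018-14574 (likely affected, unpatched: 1.8 is EOL) https://www.djangoproject.com/weblog/2018/aug/01/security-releases/"` and `"CVE-2019-3498 (likely affected, unpatched: 1.8 is EOL) https://www.djangoproject.com/weblog/2019/jan/04/security-releases/"`. Quoting also avoids relying on unquoted URL literals. The enclosing `meta` attribute set opens above the hunk, so only its tail is visible here.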