openssh_hpn/openssh_gssapi: Add CVE-2021-28041

2 files changed, 10 insertions, 1 deletions

diff --git a/pkgs/tools/networking/openssh/common.nix b/pkgs/tools/networking/openssh/common.nix
index 9d4aaad25cd..0fefcc259fb 100644
--- a/pkgs/tools/networking/openssh/common.nix
+++ b/pkgs/tools/networking/openssh/common.nix
@@ -4,6 +4,7 @@
 , src
 , extraPatches ? []
 , extraNativeBuildInputs ? []
+, extraMeta ? {}
 }:
 
 { lib, stdenv
@@ -111,5 +112,5 @@ stdenv.mkDerivation rec {
     license = licenses.bsd2;
     platforms = platforms.unix ++ platforms.windows;
     maintainers = with maintainers; [ eelco aneeshusa ];
-  };
+  } // extraMeta;
 }
diff --git a/pkgs/tools/networking/openssh/default.nix b/pkgs/tools/networking/openssh/default.nix
index 67082b15bc5..3ea35daaeb3 100644
--- a/pkgs/tools/networking/openssh/default.nix
+++ b/pkgs/tools/networking/openssh/default.nix
@@ -33,6 +33,10 @@ in {
     ];
 
     extraNativeBuildInputs = [ autoreconfHook ];
+
+    extraMeta.knownVulnerabilities = [
+      "CVE-2021-28041"
+    ];
   };
 
   openssh_gssapi = common rec {
@@ -59,5 +63,9 @@ in {
     ];
 
     extraNativeBuildInputs = [ autoreconfHook ];
+
+    extraMeta.knownVulnerabilities = [
+      "CVE-2021-28041"
+    ];
   };
 }