From c8859b7264ec8b3dc8c5e9750cf461ac20615e52 Mon Sep 17 00:00:00 2001
From: Graham Christensen
Date: Wed, 22 Feb 2017 21:09:14 -0500
Subject: libplist: mark as insecure

Patches currently available don't seem to apply.
---
 pkgs/development/libraries/libplist/default.nix | 7 +++++++
 1 file changed, 7 insertions(+)
(limited to 'pkgs')
diff --git a/pkgs/development/libraries/libplist/default.nix b/pkgs/development/libraries/libplist/default.nix
index 4de5a23569e..b98fdbdb470 100644
--- a/pkgs/development/libraries/libplist/default.nix
+++ b/pkgs/development/libraries/libplist/default.nix
@@ -28,5 +28,12 @@ in stdenv.mkDerivation rec {
 homepage = http://github.com/JonathanBeck/libplist;
 platforms = stdenv.lib.platforms.all;
 maintainers = [ stdenv.lib.maintainers.urkud ];
+ knownVulnerabilities = [
+ "CVE-2017-5209: base64decode function in base64.c allows attackers to obtain sensitive information from process memory or cause a denial of service"
+ "CVE-2017-5545: attackers to obtain sensitive information from process memory or cause a denial of service"
+ "CVE-2017-5834: A heap-buffer overflow in parse_dict_node"
+ "CVE-2017-5835: A memory allocation error leading to DoS"
+ "CVE-2017-5836: A type inconsistency in bplist.c"
+ ];
 };
 }
--
cgit 1.4.1
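Review bot: The `CVE-2017-5545` entry in the new `knownVulnerabilities` list has lost the start of its sentence (`"CVE-2017-5545: attackers to obtain sensitive information …"`), so unlike the `CVE-2017-5209` entry it does not say which function or file is affected. These strings are what a user sees when evaluation refuses the package, so the entry should name the affected component as given in the CVE record. The list also gives no hint of when it can be dropped, since the reason lives only in the commit message. I would add a comment directly above it, for example `# Available upstream patches did not apply to this version; re-check and remove these entries on the next version bump.` The enclosing `meta` attribute set opens outside the hunk.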