From 9438baa49d527dd7f748e90bdfea576cd1daa0db Mon Sep 17 00:00:00 2001
From: Imran Hossain <hi@imranh.org>
Date: Sun, 22 Oct 2023 17:28:56 -0400
Subject: [PATCH] zotero: mark as insecure (CVE-2023-5217)

Zotero 6 is based on Firefox 60 and has not patched this vulnerability.
The next version is based on Firefox 102 (ESR) and has patched this, but
is is still in beta.

See also NixOS/nixpkgs#258048.
---
 pkgs/applications/office/zotero/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkgs/applications/office/zotero/default.nix b/pkgs/applications/office/zotero/default.nix
index 9be6994d6a0d..506b934d77c9 100644
--- a/pkgs/applications/office/zotero/default.nix
+++ b/pkgs/applications/office/zotero/default.nix
@@ -153,5 +153,6 @@ stdenv.mkDerivation rec {
     license = licenses.agpl3Only;
     platforms = platforms.linux;
     maintainers = with maintainers; [ i077 ];
+    knownVulnerabilities = [ "CVE-2023-5217" ];
   };
 }