From dddf103e809579a24346098f49fc9530454a492d Mon Sep 17 00:00:00 2001
From: Pierre Bourdon
Date: Sat, 30 Sep 2023 17:29:34 +0200
Subject: [PATCH] armcord,mailspring: mark as insecure (CVE-2023-4863)

See #254798. Upstream has not provided any update for this critical vulnerability in > 2 weeks. These programs are also likely vulnerable to many more old vulnerabilities due to using EOL versions of Electron.
---
 .../networking/instant-messengers/armcord/default.nix | 1 +
 pkgs/applications/networking/mailreaders/mailspring/default.nix | 1 +
 2 files changed, 2 insertions(+)

diff --git a/pkgs/applications/networking/instant-messengers/armcord/default.nix b/pkgs/applications/networking/instant-messengers/armcord/default.nix
index 1f0d01b6f905..1c7342c143df 100644
--- a/pkgs/applications/networking/instant-messengers/armcord/default.nix
+++ b/pkgs/applications/networking/instant-messengers/armcord/default.nix
@@ -138,5 +138,6 @@ stdenv.mkDerivation rec {
 maintainers = with maintainers; [ ludovicopiero wrmilling ];
 platforms = [ "x86_64-linux" "aarch64-linux" ];
 mainProgram = "armcord";
+ knownVulnerabilities = [ "CVE-2023-4863" ];
 };
 }
diff --git a/pkgs/applications/networking/mailreaders/mailspring/default.nix b/pkgs/applications/networking/mailreaders/mailspring/default.nix
index 9b5adb3a9772..4f61935faac1 100644
--- a/pkgs/applications/networking/mailreaders/mailspring/default.nix
+++ b/pkgs/applications/networking/mailreaders/mailspring/default.nix
@@ -99,5 +99,6 @@ stdenv.mkDerivation rec {
 homepage = "https://getmailspring.com";
 downloadPage = "https://github.com/Foundry376/Mailspring";
 platforms = [ "x86_64-linux" ];
+ knownVulnerabilities = [ "CVE-2023-4863" ];
 };
 }
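Review bot: The added `knownVulnerabilities = [ "CVE-2023-4863" ];` in the armcord hunk records only the bare CVE id, so the reasoning in the commit message (no upstream fix, bundled Electron is EOL and likely affected by older issues too) is lost from the file itself. As far as I know the list entries are what a user sees when evaluation refuses the package, and a maintainer deciding later whether the marking can be lifted needs the exit condition, so I would put a comment directly above the line: `# Bundled Electron is EOL and unpatched; drop only once upstream ships a supported Electron release (see #254798).` The same applies to the identical line in the mailspring hunk. Both `meta` attribute sets start outside the hunks, so I cannot tell whether a similar comment already exists higher up.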