pyrox.dev
Merge pull request #228308 from NixOS/eol-xen
xen: mark EOL ≤ 4.15, add known CVEs in nixpkgs
authored by
Martin Weinelt
and committed by
GitHub
82110288
171987b2
+13
-2
pkgs/applications/virtualization/xen/generic.nix
+13
-2
pkgs/applications/virtualization/xen/generic.nix
···
244
244
+ "\nIncludes:\n"
245
245
+ withXenfiles (name: x: "* ${name}: ${x.meta.description or "(No description)"}.");
246
246
platforms = [ "x86_64-linux" ];
247
-
maintainers = with lib.maintainers; [ eelco oxij ];
247
+
maintainers = [ ];
248
248
license = lib.licenses.gpl2;
249
+
knownVulnerabilities = [
250
+
# https://www.openwall.com/lists/oss-security/2023/03/21/1
251
+
# Affects 3.2 (at *least*) - 4.17
252
+
"CVE-2022-42332"
253
+
# https://www.openwall.com/lists/oss-security/2023/03/21/2
254
+
# Affects 4.11 - 4.17
255
+
"CVE-2022-42333"
256
+
"CVE-2022-42334"
257
+
# https://www.openwall.com/lists/oss-security/2023/03/21/3
258
+
# Affects 4.15 - 4.17
259
+
"CVE-2022-42331"
249
260
# https://xenbits.xen.org/docs/unstable/support-matrix.html
250
-
knownVulnerabilities = lib.optionals (lib.versionOlder version "4.13") [
261
+
] ++ lib.optionals (lib.versionOlder version "4.15") [
251
262
"This version of Xen has reached its end of life. See https://xenbits.xen.org/docs/unstable/support-matrix.html"
252
263
];
253
264
} // (config.meta or {});