authorMartin Weinelt <hexa@darmstadt.ccc.de>2022-01-25 13:46:22 +0100
committergithub-actions[bot] <github-actions[bot]@users.noreply.github.com>2022-01-26 22:31:14 +0000
commit31606a6b78115b13bc50b01744ee4adec93c7cab (patch)
treeb5cd3e4df2cc34274eb2d2fef9d3ed577114555c
parentMerge pull request #156896 from NixOS/backport-156889-to-release-21.11 (diff)
downloadnixpkgs-31606a6b78115b13bc50b01744ee4adec93c7cab.tar.gz
xen: mark unsupported versions as vulnerable
Our support for Xen lacks maintenance and since Xen has monthly security advisories it is reasonable to assume our version is affected by a multitude of security problems that are fixed upstream. How many advisories? Browsing oss-security shows the following number of advisories in each of the following years: 2022: 3 2021: 53 2020: 54 2019: 46 <-- we are *here* https://xenbits.xen.org/docs/unstable/support-matrix.html (cherry picked from commit 39341ed38be4695623893222b4b82873b348bb61)
-rw-r--r--pkgs/applications/virtualization/xen/generic.nix4
1 files changed, 4 insertions, 0 deletions
diff --git a/pkgs/applications/virtualization/xen/generic.nix b/pkgs/applications/virtualization/xen/generic.nix
index 8299304045d0..0a2febd0589f 100644
--- a/pkgs/applications/virtualization/xen/generic.nix
+++ b/pkgs/applications/virtualization/xen/generic.nix
@@ -254,5 +254,9 @@ stdenv.mkDerivation (rec {
platforms = [ "x86_64-linux" ];
maintainers = with lib.maintainers; [ eelco tstrobel oxij ];
license = lib.licenses.gpl2;
+ # https://xenbits.xen.org/docs/unstable/support-matrix.html
+ knownVulnerabilities = lib.optionals (lib.versionOlder version "4.13") [
+ "This version of Xen has reached its end of life. See https://xenbits.xen.org/docs/unstable/support-matrix.html"
+ ];
} // (config.meta or {});
} // removeAttrs config [ "xenfiles" "buildInputs" "patches" "postPatch" "meta" ])
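Review bot: The cut-off in `lib.versionOlder version "4.13"` is a hand-maintained literal, so when upstream ends security support for 4.13 or later branches those versions will keep evaluating as not vulnerable until someone edits this line. The comment above it should record that, for example `# Cut-off = oldest release still security-supported upstream when last checked; bump it as branches reach end of life.` Separately, the `} // (config.meta or {})` merge on the line after the list is right-biased and shallow, so a per-version `meta.knownVulnerabilities` would replace this end-of-life entry rather than extend it. Whether any version file sets that attribute is not visible here, and the `mkDerivation` body starts outside the hunk. If one does, the entries should be concatenated, e.g. `++ (config.meta.knownVulnerabilities or [ ])`, with that key left out of the merged set.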