Commit 069f7de1 authored by Emily

olm: add more information to `knownVulnerabilities`

CVE numbers were assigned, and This Week in Matrix included an
announcement from the Matrix.org project lead. An official post from
the Matrix.org Foundation is apparently still pending.
parent 98a9b6e6
+9 −2
@@ -51,6 +51,12 @@ stdenv.mkDerivation rec {

      For further information, see:

      * The CVE records for the known vulnerabilities:

        * CVE-2024-45191
        * CVE-2024-45192
        * CVE-2024-45193

      * The libolm deprecation notice:
        <https://gitlab.matrix.org/matrix-org/olm/-/blob/6d4b5b07887821a95b144091c8497d09d377f985/README.md#important-libolm-is-now-deprecated>

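Review bot: the three CVE identifiers added under "The CVE records for the known vulnerabilities" are bare IDs, while every other entry in this list carries a URL in angle brackets. Consider linking each one to its record, for example <https://www.cve.org/CVERecord?id=CVE-2024-45191>, so that someone who hits the `knownVulnerabilities` message can reach the record directly. A few words per ID saying which issue it covers would also help, since the numbers alone do not distinguish the three.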
@@ -60,8 +66,9 @@ stdenv.mkDerivation rec {
      * The blog post disclosing the details of the known vulnerabilities:
        <https://soatok.blog/2024/08/14/security-issues-in-matrixs-olm-library/>

      * The Matrix.org project lead’s response to the disclosure:
        <https://news.ycombinator.com/item?id=41249371>
      * The announcement in This Week in Matrix from the Matrix.org
        project lead:
        <https://matrix.org/blog/2024/08/16/this-week-in-matrix-2024-08-16/#dept-of-encryption-closed-lock-with-key>

      * A (likely incomplete) aggregation of client tracking issue links:
        <https://github.com/NixOS/nixpkgs/pull/334638#issuecomment-2289025802>
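Review bot: in the entry for the project lead's statement, the Hacker News response link appears to be replaced by the This Week in Matrix announcement rather than kept beside it (the hunk header goes from 8 lines to 9). If the two statements differ in content, keeping both would preserve the earlier context for readers deciding whether to allow the package. The new URL also relies on the fragment `#dept-of-encryption-closed-lock-with-key`, which is derived from a heading and may not survive a change to the blog's heading or slug generation; naming the section in the bullet text would give readers a fallback. Since the commit message says an official Matrix.org Foundation post is still pending, a short Nix comment next to this list would remind the next editor to add that link once it exists.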