Unverified Commit afc8879d authored by Luna Nova's avatar Luna Nova

whisper: set knownVulnerabilities due to dated vendored libraries

whisper vendors libraries acof, aelf, deflate, bzip2, zlib 
that haven't been updated in 6-8 years
parent 135013a6
+9 −0
@@ -51,6 +51,15 @@ stdenv.mkDerivation rec {
    broken = stdenv.hostPlatform.isDarwin;
    description = "Short read sequence mapper";
    license = licenses.gpl3;
    # vendored libraries acof, aelf, deflate, bzip2, zlib
    # https://github.com/refresh-bio/Whisper/issues/18
    knownVulnerabilities = [
      # src/libs/libz.a from 2017
      "CVE-2018-25032"
      "CVE-2022-37434"
      # src/libs/libbzip2.lib
      "CVE-2019-12900"
    ];
    homepage = "https://github.com/refresh-bio/whisper";
    maintainers = with maintainers; [ jbedo ];
    platforms = platforms.x86_64;
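Review bot: The entries in `knownVulnerabilities` are bare CVE ids, and the `#` comments that tie them to `src/libs/libz.a` and `src/libs/libbzip2.lib` are visible only in the source, not in the message Nix prints when it refuses to evaluate the package. Putting the context in the strings themselves would let a user decide whether to permit the package without opening the expression, e.g. `"CVE-2018-25032: vendored zlib (src/libs/libz.a, 2017)"`. The leading comment also names acof, aelf and deflate, for which no entry is listed; a line such as `# list is not exhaustive: acof, aelf and deflate are vendored too and were not audited` would stop the three ids from being read as the full exposure. The `meta` block starts and ends outside the hunk.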