Commit bc4dc452 authored by Thomas Gerbet's avatar Thomas Gerbet
Browse files

envoy: flag as vulnerable to CVE-2024-30255 

Envoy 1.27.4 [0] contains the fix but upgrading it is
not straightforward as the build of the current version
is already broken and only thanks to the caching of the deps
(seems to be the case since the removal of Go 1.20).

Fixing the build seems to require more Bazel knownledge than I have
and the the usual maintainer is currently not available.

[0] https://github.com/envoyproxy/envoy/releases/tag/v1.27.4
parent ddcd5f27

pkgs/servers/http/envoy/default.nix

+1 −0
Original line number Diff line number Diff line
@@ -197,5 +197,6 @@ buildBazelPackage { 
    license = licenses.asl20;

    maintainers = with maintainers; [ lukegb ];

    platforms = [ "x86_64-linux" "aarch64-linux" ];

    knownVulnerabilities = [ "CVE-2024-30255" ];

  };

}