Admins will be upgrading ORNL GitLab Servers on Saturday, 16 May 2026, from 7 AM until 11 AM EST. Repositories will experience intermittent outages during this time.

Unverified Commit dddf103e authored Sep 30, 2023 by Pierre Bourdon

armcord,mailspring: mark as insecure (CVE-2023-4863)

See #254798. Upstream has not provided any update for this critical
vulnerability in > 2 weeks. These programs are also likely vulnerable to
many more old vulnerabilities due to using EOL versions of Electron.

parent 7ac382de

pkgs/applications/networking/instant-messengers/armcord/default.nix

+1 −0

Original line number	Diff line number	Diff line
		@@ -138,5 +138,6 @@ stdenv.mkDerivation rec {
		maintainers = with maintainers; [ ludovicopiero wrmilling ];
		platforms = [ "x86_64-linux" "aarch64-linux" ];
		mainProgram = "armcord";
		knownVulnerabilities = [ "CVE-2023-4863" ];
		};
		}

pkgs/applications/networking/mailreaders/mailspring/default.nix

+1 −0

Original line number	Diff line number	Diff line
		@@ -99,5 +99,6 @@ stdenv.mkDerivation rec {
		homepage = "https://getmailspring.com";
		downloadPage = "https://github.com/Foundry376/Mailspring";
		platforms = [ "x86_64-linux" ];
		knownVulnerabilities = [ "CVE-2023-4863" ];
		};
		}