batik: mark as insecure

The package hasn't been updated in a long time. There have been several issues with the package. There is no dependant package in the repository so marking it as insecure until someone maintains it sounds reasonable.
author: Andreas Rammhold <andreas@rammhold.de> 2018-10-16 00:16:17 +0200
committer: Andreas Rammhold <andreas@rammhold.de> 2018-10-26 12:17:58 +0200
commit: 1103b3fbe6e7349a1f95e7eb2f6f17af8210ab6e (patch)
tree: 96bde68ef7b31cca81181b7b48cc1bfb47dc8714
parent: 6ad3088b124504c873e239002b044e4b66607986 (diff)
1 files changed, 6 insertions, 0 deletions
diff --git a/pkgs/applications/graphics/batik/default.nix b/pkgs/applications/graphics/batik/default.nix
index 4032e2e3fee3..51156dea4a17 100644
--- a/pkgs/applications/graphics/batik/default.nix
+++ b/pkgs/applications/graphics/batik/default.nix
@@ -15,5 +15,11 @@ stdenv.mkDerivation {
     homepage = https://xmlgraphics.apache.org/batik;
     license = licenses.asl20;
     platforms = platforms.unix;
+    knownVulnerabilities = [
+      # vulnerabilities as of 16th October 2018 from https://xmlgraphics.apache.org/security.html:
+      "CVE-2018-8013"
+      "CVE-2017-5662"
+      "CVE-2015-0250"
+    ];
   };
 }
author	Andreas Rammhold <andreas@rammhold.de>	2018-10-16 00:16:17 +0200
committer	Andreas Rammhold <andreas@rammhold.de>	2018-10-26 12:17:58 +0200
commit	1103b3fbe6e7349a1f95e7eb2f6f17af8210ab6e (patch)
tree	96bde68ef7b31cca81181b7b48cc1bfb47dc8714
parent	6ad3088b124504c873e239002b044e4b66607986 (diff)