diff options
author | Robert Schütz <rschuetz17@gmail.com> | 2019-01-30 23:57:50 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-01-30 23:57:50 +0100 |
commit | c6e08579c503a8d0d3790bd32d229c93877333d6 (patch) | |
tree | 311697384bfa24af2e397a6fca60ce8f29f67d8f /pkgs/development | |
parent | 30c312341fbe435349f364fcd306a12c28fcde8d (diff) | |
download | nixlib-c6e08579c503a8d0d3790bd32d229c93877333d6.tar nixlib-c6e08579c503a8d0d3790bd32d229c93877333d6.tar.gz nixlib-c6e08579c503a8d0d3790bd32d229c93877333d6.tar.bz2 nixlib-c6e08579c503a8d0d3790bd32d229c93877333d6.tar.lz nixlib-c6e08579c503a8d0d3790bd32d229c93877333d6.tar.xz nixlib-c6e08579c503a8d0d3790bd32d229c93877333d6.tar.zst nixlib-c6e08579c503a8d0d3790bd32d229c93877333d6.zip |
python.pkgs.django_1_8: mark as insecure (#54937)
Since CVE-2018-14574 and CVE-2019-3498 affect 1.11, it is very likely they also apply to 1.8. However, Django 1.8 has reached EOL in April 2018 and the patches were not backported.
Diffstat (limited to 'pkgs/development')
-rw-r--r-- | pkgs/development/python-modules/django/1_8.nix | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/pkgs/development/python-modules/django/1_8.nix b/pkgs/development/python-modules/django/1_8.nix index 30d75e73c68d..ee2408f73405 100644 --- a/pkgs/development/python-modules/django/1_8.nix +++ b/pkgs/development/python-modules/django/1_8.nix @@ -25,6 +25,11 @@ buildPythonPackage rec { description = "A high-level Python Web framework"; homepage = https://www.djangoproject.com/; license = licenses.bsd0; + knownVulnerabilities = [ + # The patches were not backported due to Django 1.8 having reached EOL + https://www.djangoproject.com/weblog/2018/aug/01/security-releases/ + https://www.djangoproject.com/weblog/2019/jan/04/security-releases/ + ]; }; } |