Merge commit 'd96bd3394b734487d1c3bfbac0e8f17465e03afe'

author: Katharina Fey <kookie@spacekookie.de> 2020-03-24 10:15:32 +0100
committer: Katharina Fey <kookie@spacekookie.de> 2020-03-24 10:15:32 +0100
commit: 96f063dd321abc80ecaa156226cfb7cf9540315a (patch)
tree: 7a53ef61484fc7bfff6419b1fd635c67199f27d2 /nixpkgs/pkgs/applications/virtualization/rkt/default.nix
parent: af58f08d3d524e7b008b73a8497ea710915ffaf1 (diff)
parent: d96bd3394b734487d1c3bfbac0e8f17465e03afe (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/nixpkgs/pkgs/applications/virtualization/rkt/default.nix b/nixpkgs/pkgs/applications/virtualization/rkt/default.nix
index fd0bd92faa6..bacd175197d 100644
--- a/nixpkgs/pkgs/applications/virtualization/rkt/default.nix
+++ b/nixpkgs/pkgs/applications/virtualization/rkt/default.nix
@@ -69,5 +69,10 @@ in stdenv.mkDerivation rec {
     license = licenses.asl20;
     maintainers = with maintainers; [ ragge steveej ];
     platforms = [ "x86_64-linux" ];
+    knownVulnerabilities = [
+      "CVE-2019-10144: processes run with `rkt enter` are given all capabilities during stage 2"
+      "CVE-2019-10145: processes run with `rkt enter` do not have seccomp filtering during stage 2"
+      "CVE-2019-10147: processes run with `rkt enter` are not limited by cgroups during stage 2"
+    ];
   };
 }
author	Katharina Fey <kookie@spacekookie.de>	2020-03-24 10:15:32 +0100
committer	Katharina Fey <kookie@spacekookie.de>	2020-03-24 10:15:32 +0100
commit	96f063dd321abc80ecaa156226cfb7cf9540315a (patch)
tree	7a53ef61484fc7bfff6419b1fd635c67199f27d2 /nixpkgs/pkgs/applications/virtualization/rkt/default.nix
parent	af58f08d3d524e7b008b73a8497ea710915ffaf1 (diff)
parent	d96bd3394b734487d1c3bfbac0e8f17465e03afe (diff)