tobias/nixpkgs
1
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-11-09 16:18:34 +01:00
Code Issues Packages Projects Releases Wiki Activity

lima: add meta.knownVulnerabilities

Browse source 
The current version 1.0.7 (in release-25.05) is related to these CVEs.

refs:
  * 1.0.7 -> 1.1.1: 97c0a198aa
  * 1.2.1 -> 1.2.2: d0beb16463

Not-cherry-picked-because: Updating to 1.2.2 is not suitable for stable channels. This is because version 1.1.1 is not compatible, especially on the package manager side.
This commit is contained in:
Kenichi Kamiya 2025-11-06 23:28:41 +09:00
parent e8ad109a35
commit 2ddbda9467
No known key found for this signature in database
GPG key ID: 9BE4016A38165CCB
1 changed files with 8 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

8
pkgs/applications/virtualization/lima/default.nix
View file

@ -91,5 +91,13 @@ buildGoModule rec {
changelog = "https://github.com/lima-vm/lima/releases/tag/v${version}";
license = licenses.asl20;
maintainers = with maintainers; [ anhduy ];
knownVulnerabilities = [
"There are some CVEs in the nerdctl dependency. Has been fixed in Nixpkgs unstable."
"CVE-2024-25621"
"CVE-2025-64329"
"CVE-2025-31133"
"CVE-2025-52565"
"CVE-2025-52881"
];
};
}