about summary refs log tree commit diff
path: root/blacklisting/blacklist.xml
diff options
context:
space:
mode:
authorEelco Dolstra <e.dolstra@tudelft.nl>2005-03-24T14·07+0000
committerEelco Dolstra <e.dolstra@tudelft.nl>2005-03-24T14·07+0000
commitd1487d9015222c33680c7727c31e3b499c620610 (patch)
tree5ab112750a036ba68d077712b81d4033e57cb9f3 /blacklisting/blacklist.xml
parent009752ca70f2db7775d279d46dd7cf1b127fad88 (diff)
* This is a better location to keep the blacklist, since it can evolve
  separately from Nix or Nixpkgs.

Diffstat (limited to 'blacklisting/blacklist.xml')
-rw-r--r--blacklisting/blacklist.xml86
1 files changed, 0 insertions, 86 deletions
diff --git a/blacklisting/blacklist.xml b/blacklisting/blacklist.xml
deleted file mode 100644
index 3f0bd50f908c..000000000000
--- a/blacklisting/blacklist.xml
+++ /dev/null
@@ -1,86 +0,0 @@
-<blacklist>
-
-
-<item id='firefox-1.0.1-security'>
-  <condition>
-    <within>
-      <traverse><true /></traverse>
-      <hasAttr name='outputHash' value='ebaea974fea9460ab7050fff76b41cb1' />
-    </within>
-  </condition>
-  <reason>
-    Fixes several security bugs (see
-    http://www.mozilla.org/projects/security/known-vulnerabilities.html),
-    in particular MFSA 2005-30
-    (http://www.mozilla.org/security/announce/mfsa2005-30.html).
-    Upgrade to 1.0.2.
-  </reason>
-  <severity class="client" level="critical" />
-</item>
-
-
-<item id='openssl-0.9.7d-obsolete'>
-  <condition>
-    <within>
-      <traverse><true /></traverse>
-      <hasAttr name='outputHash' value='1b49e90fc8a75c3a507c0a624529aca5' />
-    </within>
-  </condition>
-  <reason>
-    Race condition in CRL checking code.  Upgrade to 0.9.7e.
-  </reason>
-  <severity class="all" level="low" />
-</item>
-
-
-<item id='zlib-1.2.1-security' type='security'>
-  <condition>
-    <within>
-      <traverse>
-        <not><hasAttr name='outputHash' value='.+' /></not>
-      </traverse>
-      <hasAttr name='outputHash' value='ef1cb003448b4a53517b8f25adb12452' />
-    </within>
-  </condition>
-  <reason>
-    Zlib 1.2.1 is vulnerable to a denial-of-service condition.  See
-    http://www.kb.cert.org/vuls/id/238678.  Upgrade to 1.2.2.
-  </reason>
-  <severity class="server" level="critical" />
-  <severity class="client" level="medium" />
-</item>
-
-
-<!--
-<item id='libpng-1.2.7-crash'>
-  <condition>
-    <containsName name="libpng" comparison="lte" version="1.2.7" />
-  </condition>
-  <reason>
-    libpng 1.2.7 is vulnerable to a crash bug.  See
-    http://www.libpng.org/pub/png/libpng.html.  Upgrade to 1.2.8.
-  </reason>
-  <severity class="client" level="low" />
-</item>
--->
-
-
-<!--
-<item id='subversion-without-zlib' type='improvement'>
-
-  <condition>
-    <withinOutputClosure>
-      <not>
-        <containsName name='zlib' />
-      </not>
-    </withinOutputClosure>
-  </condition>
-
-  <reason>
-    Subversion can be compiled with Zlib compression support, which is a good thing.
-  </reason>
-
-</item>
--->
-
-</blacklist>