diff options
| author | Eelco Dolstra <e.dolstra@tudelft.nl> | 2005-03-24T14·07+0000 |
|---|---|---|
| committer | Eelco Dolstra <e.dolstra@tudelft.nl> | 2005-03-24T14·07+0000 |
| commit | d1487d9015222c33680c7727c31e3b499c620610 (patch) | |
| tree | 5ab112750a036ba68d077712b81d4033e57cb9f3 /blacklisting | |
| parent | 009752ca70f2db7775d279d46dd7cf1b127fad88 (diff) | |
* This is a better location to keep the blacklist, since it can evolve
separately from Nix or Nixpkgs.
Diffstat (limited to 'blacklisting')
| -rw-r--r-- | blacklisting/blacklist.xml | 86 |
1 files changed, 0 insertions, 86 deletions
diff --git a/blacklisting/blacklist.xml b/blacklisting/blacklist.xml deleted file mode 100644 index 3f0bd50f90..0000000000 --- a/blacklisting/blacklist.xml +++ /dev/null @@ -1,86 +0,0 @@ -<blacklist> - - -<item id='firefox-1.0.1-security'> - <condition> - <within> - <traverse><true /></traverse> - <hasAttr name='outputHash' value='ebaea974fea9460ab7050fff76b41cb1' /> - </within> - </condition> - <reason> - Fixes several security bugs (see - http://www.mozilla.org/projects/security/known-vulnerabilities.html), - in particular MFSA 2005-30 - (http://www.mozilla.org/security/announce/mfsa2005-30.html). - Upgrade to 1.0.2. - </reason> - <severity class="client" level="critical" /> -</item> - - -<item id='openssl-0.9.7d-obsolete'> - <condition> - <within> - <traverse><true /></traverse> - <hasAttr name='outputHash' value='1b49e90fc8a75c3a507c0a624529aca5' /> - </within> - </condition> - <reason> - Race condition in CRL checking code. Upgrade to 0.9.7e. - </reason> - <severity class="all" level="low" /> -</item> - - -<item id='zlib-1.2.1-security' type='security'> - <condition> - <within> - <traverse> - <not><hasAttr name='outputHash' value='.+' /></not> - </traverse> - <hasAttr name='outputHash' value='ef1cb003448b4a53517b8f25adb12452' /> - </within> - </condition> - <reason> - Zlib 1.2.1 is vulnerable to a denial-of-service condition. See - http://www.kb.cert.org/vuls/id/238678. Upgrade to 1.2.2. - </reason> - <severity class="server" level="critical" /> - <severity class="client" level="medium" /> -</item> - - -<!-- -<item id='libpng-1.2.7-crash'> - <condition> - <containsName name="libpng" comparison="lte" version="1.2.7" /> - </condition> - <reason> - libpng 1.2.7 is vulnerable to a crash bug. See - http://www.libpng.org/pub/png/libpng.html. Upgrade to 1.2.8. - </reason> - <severity class="client" level="low" /> -</item> ---> - - -<!-- -<item id='subversion-without-zlib' type='improvement'> - - <condition> - <withinOutputClosure> - <not> - <containsName name='zlib' /> - </not> - </withinOutputClosure> - </condition> - - <reason> - Subversion can be compiled with Zlib compression support, which is a good thing. - </reason> - -</item> ---> - -</blacklist> |