xen: mark unsupported versions as vulnerable

Our support for Xen lacks maintenance and since Xen has monthly security
advisories it is reasonable to assume our version is affected by a
multitude of security problems that are fixed upstream.

How many advisories? Browsing oss-security shows the following number of
advisories in each of the following years:

2022: 3
2021: 53
2020: 54
2019: 46 <-- we are *here*

https://xenbits.xen.org/docs/unstable/support-matrix.html
This commit is contained in:
Martin Weinelt 2022-01-25 13:46:22 +01:00
parent a147b46130
commit 39341ed38b
No known key found for this signature in database
GPG key ID: 87C1E9888F856759

View file

@ -254,5 +254,9 @@ stdenv.mkDerivation (rec {
platforms = [ "x86_64-linux" ];
maintainers = with lib.maintainers; [ eelco tstrobel oxij ];
license = lib.licenses.gpl2;
# https://xenbits.xen.org/docs/unstable/support-matrix.html
knownVulnerabilities = lib.optionals (lib.versionOlder version "4.13") [
"This version of Xen has reached its end of life. See https://xenbits.xen.org/docs/unstable/support-matrix.html"
];
} // (config.meta or {});
} // removeAttrs config [ "xenfiles" "buildInputs" "patches" "postPatch" "meta" ])