From c7a9aa54ec7f1a14e4a243c22bb13084620e295a Mon Sep 17 00:00:00 2001 From: Martin Weinelt Date: Thu, 10 Jul 2025 16:04:27 +0200 Subject: [PATCH] intel-media-sdk: mark vulnerable The upstream repo was archived on 2023-05-17 with the following comment: > This project has been identified as having known security escapes. It is now clear what (some) of these are, which prompts marking this package as vulnerable. This is now safe to do, as it is not a default part of our ffmpeg-full package any longer. --- pkgs/by-name/in/intel-media-sdk/package.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/pkgs/by-name/in/intel-media-sdk/package.nix b/pkgs/by-name/in/intel-media-sdk/package.nix index 26a77a7ed94e..3401d07089e6 100644 --- a/pkgs/by-name/in/intel-media-sdk/package.nix +++ b/pkgs/by-name/in/intel-media-sdk/package.nix @@ -69,6 +69,16 @@ stdenv.mkDerivation rec { midchildan pjungkamp ]; + knownVulnerabilities = [ + '' + End of life with various local privilege escalation vulnerabilites: + - CVE-2023-22656 + - CVE-2023-45221 + - CVE-2023-47169 + - CVE-2023-47282 + - CVE-2023-48368 + '' + ]; platforms = [ "x86_64-linux" ]; }; }