From ad992cbde10879455a5359ceb17937fc57cf2fc9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?L=C3=A9o=20Gaspard?= <github@leo.gaspard.ninja>
Date: Sat, 13 Oct 2018 04:28:30 +0900
Subject: [PATCH] nheko: mark as insecure (#48281)

The package is no longer maintained and includes potential security
vulnerabilities (a use-after-free and several crashes) that are known
and not fixed in the version present in nixpkgs. They don't look too bad
judging from the trigger vectors mentioned in the changelog, but with
the project going unmaintained one of them becoming a security
vulnerability would likely not be noticed.
---
 .../applications/networking/instant-messengers/nheko/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkgs/applications/networking/instant-messengers/nheko/default.nix b/pkgs/applications/networking/instant-messengers/nheko/default.nix
index 0d34a0a4362827..6e78a9034aecab 100644
--- a/pkgs/applications/networking/instant-messengers/nheko/default.nix
+++ b/pkgs/applications/networking/instant-messengers/nheko/default.nix
@@ -70,5 +70,6 @@ stdenv.mkDerivation rec {
     maintainers = with maintainers; [ ekleog fpletz ];
     platforms = platforms.unix;
     license = licenses.gpl3Plus;
+    knownVulnerabilities = [ "No longer maintained" ];
   };
 }