From bc4dc452fa3ce8895a31273e6d541fbc6abfc2af Mon Sep 17 00:00:00 2001
From: Thomas Gerbet
Date: Wed, 10 Apr 2024 22:43:57 +0200
Subject: [PATCH] envoy: flag as vulnerable to CVE-2024-30255

Envoy 1.27.4 [0] contains the fix but upgrading it is not straightforward as the build of the current version is already broken and only thanks to the caching of the deps (seems to be the case since the removal of Go 1.20). Fixing the build seems to require more Bazel knownledge than I have and the the usual maintainer is currently not available.

[0] https://github.com/envoyproxy/envoy/releases/tag/v1.27.4
---
 pkgs/servers/http/envoy/default.nix | 1 +
 1 file changed, 1 insertion(+)

diff --git a/pkgs/servers/http/envoy/default.nix b/pkgs/servers/http/envoy/default.nix
index bb8a5e6a575cc..50067d7dd6220 100644
--- a/pkgs/servers/http/envoy/default.nix
+++ b/pkgs/servers/http/envoy/default.nix
@@ -197,5 +197,6 @@ buildBazelPackage {
 license = licenses.asl20;
 maintainers = with maintainers; [ lukegb ];
 platforms = [ "x86_64-linux" "aarch64-linux" ];
+ knownVulnerabilities = [ "CVE-2024-30255" ];
 };
 }
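Review bot: The new knownVulnerabilities entry carries only the CVE identifier, which is the text nix prints when it refuses to evaluate the package, so a user hitting that error gets no pointer to the fixed release; nixpkgs entries often spell that out, e.g. `knownVulnerabilities = [ "CVE-2024-30255: fixed in Envoy 1.27.4, see https://github.com/envoyproxy/envoy/releases/tag/v1.27.4" ];`. The commit message explains that the version bump is blocked by the broken Bazel build, so a `# TODO: drop once envoy is updated to >= 1.27.4` comment beside the attribute would keep that reminder in the file rather than only in git history. The meta set holding these attributes starts outside the hunk.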