Ensure liblzma stays pinned to 5.4.4

2 years ago · 57d029f087
1 changed files with 5 additions and 0 deletions
--- a/vcpkg.json
+++ b/vcpkg.json
@ -62,6 +62,11 @@
    {
      "name": "ngspice",
      "version": "42"
+    },
+    {
+      "name": "liblzma",
+      "version": "5.4.4",
+      "$comment": "liblzma & xz were compromised upstream: CVE-2024-3094."
    }
  ]
 }