svn commit: r508895 - head/security/vuxml
Tobias Kortkamp
tobik at freebsd.org
Wed Aug 14 12:17:33 UTC 2019
On Wed, Aug 14, 2019 at 07:22:39AM +0000, Jochen Neumeister wrote:
> Author: joneum
> Date: Wed Aug 14 07:22:39 2019
> New Revision: 508895
> URL: https://svnweb.freebsd.org/changeset/ports/508895
>
> Log:
> Add entry for www/nginx and www/nginx-devel
>
> Sponsored by: Netzkommune GmbH
>
> Modified:
> head/security/vuxml/vuln.xml
>
> Modified: head/security/vuxml/vuln.xml
> ==============================================================================
> --- head/security/vuxml/vuln.xml Wed Aug 14 07:08:19 2019 (r508894)
> +++ head/security/vuxml/vuln.xml Wed Aug 14 07:22:39 2019 (r508895)
> @@ -58,6 +58,43 @@ Notes:
> * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
> -->
> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
> + <vuln vid="87679fcb-be60-11e9-9051-4c72b94353b5">
> + <topic>NGINX -- Multiple vulnerabilities</topic>
> + <affects>
> + <package>
> + <name>nginx</name>
> + <range><lt>1.16.1</lt></range>
> + </package>
This entry is not correct:
$ pkg info -E nginx
nginx-1.16.0_1,2
$ pkg audit -f security/vuxml/vuln.xml nginx-1.16.0_1,2
0 problem(s) in 0 installed package(s) found.
www/nginx has PORTEPOCH=2 so the entry should have
<range><lt>1.16.1,2</lt></range>
or users will never be informed of this via pkg audit.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 618 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/svn-ports-all/attachments/20190814/8c092aa2/attachment.sig>
More information about the svn-ports-all
mailing list