svn commit: r508895 - head/security/vuxml
Jochen Neumeister
joneum at FreeBSD.org
Wed Aug 14 12:30:09 UTC 2019
Am 14.08.2019 um 14:17 schrieb Tobias Kortkamp:
> On Wed, Aug 14, 2019 at 07:22:39AM +0000, Jochen Neumeister wrote:
>> Author: joneum
>> Date: Wed Aug 14 07:22:39 2019
>> New Revision: 508895
>> URL: https://svnweb.freebsd.org/changeset/ports/508895
>>
>> Log:
>> Add entry for www/nginx and www/nginx-devel
>>
>> Sponsored by: Netzkommune GmbH
>>
>> Modified:
>> head/security/vuxml/vuln.xml
>>
>> Modified: head/security/vuxml/vuln.xml
>> ==============================================================================
>> --- head/security/vuxml/vuln.xml Wed Aug 14 07:08:19 2019 (r508894)
>> +++ head/security/vuxml/vuln.xml Wed Aug 14 07:22:39 2019 (r508895)
>> @@ -58,6 +58,43 @@ Notes:
>> * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
>> -->
>> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
>> + <vuln vid="87679fcb-be60-11e9-9051-4c72b94353b5">
>> + <topic>NGINX -- Multiple vulnerabilities</topic>
>> + <affects>
>> + <package>
>> + <name>nginx</name>
>> + <range><lt>1.16.1</lt></range>
>> + </package>
> This entry is not correct:
>
> $ pkg info -E nginx
> nginx-1.16.0_1,2
> $ pkg audit -f security/vuxml/vuln.xml nginx-1.16.0_1,2
> 0 problem(s) in 0 installed package(s) found.
>
> www/nginx has PORTEPOCH=2 so the entry should have
>
> <range><lt>1.16.1,2</lt></range>
>
> or users will never be informed of this via pkg audit.
fixed in r508912
More information about the svn-ports-all
mailing list