git: 59efdc09dba9 - main - security/vuxml: correct vulnerable package range for nginx

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Alan Somers <asomers_at_FreeBSD.org>
Date: Tue, 17 Sep 2024 13:46:20 UTC

The branch main has been updated by asomers:

URL: https://cgit.FreeBSD.org/ports/commit/?id=59efdc09dba99355ace1359aab657afcb4159c66

commit 59efdc09dba99355ace1359aab657afcb4159c66
Author:     Alan Somers <asomers@FreeBSD.org>
AuthorDate: 2024-09-03 14:33:32 +0000
Commit:     Alan Somers <asomers@FreeBSD.org>
CommitDate: 2024-09-17 13:44:49 +0000

    security/vuxml: correct vulnerable package range for nginx
    
    14dc2636e72c396459a6559868033910ee8a4532 added a new vuxml entry, but
    forgot to account for PORTEPOCH.
    
    PR:             281250
    Approved by:    maintainer timeout
    Security:       CVE-2024-7347
---
 security/vuxml/vuln/2024.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml
index 73b2e8faa197..629f49a7fe79 100644
--- a/security/vuxml/vuln/2024.xml
+++ b/security/vuxml/vuln/2024.xml
@@ -1314,11 +1314,11 @@
     <affects>
       <package>
 	<name>nginx-devel</name>
-	<range><ge>1.5.13</ge><lt>1.27.1</lt></range>
+	<range><ge>1.5.13,3</ge><lt>1.27.1,3</lt></range>
       </package>
       <package>
 	<name>nginx</name>
-	<range><ge>1.6.0</ge><lt>1.26.2</lt></range>
+	<range><ge>1.6.0,3</ge><lt>1.26.2,3</lt></range>
       </package>
     </affects>
     <description>