Re: git: 4164ab866d06 - main - lang/njs: Fix CPE information

From: Sergey A. Osokin <osa_at_freebsd.org>
Date: Fri, 18 Mar 2022 23:01:04 UTC
On Fri, Mar 18, 2022 at 10:04:55PM +0100, decke@freebsd.org wrote:
> ---- On Fri, 18 Mar 2022 19:01:43 +0100
> > > On Fri, Mar 18, 2022 at 03:55:49PM +0000, Bernhard Froehlich wrote:
> > > [...]
> > >
> > > -CPE_VENDOR=    f5
> > > -CPE_PRODUCT=   njs
> > > +CPE_VENDOR=    nginx
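Review bot: the removal of `CPE_PRODUCT=   njs` in this hunk leaves the product part of the CPE to whatever default applies, so please confirm the generated CPE string still resolves to nginx:njs, or keep the explicit `CPE_PRODUCT` line. The switch of `CPE_VENDOR` from `f5` to `nginx` also has no stated reason in the visible lines; a sentence in the commit message pointing at the NVD entry that uses the nginx vendor name would have answered the "Why?" before it was asked.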
> >
> >  Why?
> >
> Because the CPE entry was wrong and does not exist in the CPE
> dictionary.  Have a look at a recent CVE for njs and you will see
> that they use nginx:njs, https://nvd.nist.gov/vuln/detail/CVE-2021-46463

Thanks for sharing this, Bernhard, I'll take a look at that.

-- 
Sergey A. Osokin