[Bug 270875] www/nginx: with njs < 0.7.11 is vulnerable

Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: <bugzilla-noreply_at_freebsd.org>
Date: Sun, 16 Apr 2023 08:01:38 UTC

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270875

            Bug ID: 270875
           Summary: www/nginx: with njs < 0.7.11 is vulnerable
           Product: Ports & Packages
           Version: Latest
          Hardware: Any
                OS: Any
            Status: New
          Keywords: security
          Severity: Affects Only Me
          Priority: ---
         Component: Individual Port(s)
          Assignee: joneum@FreeBSD.org
          Reporter: flo@FreeBSD.org
                CC: ports-secteam@FreeBSD.org
          Assignee: joneum@FreeBSD.org
             Flags: maintainer-feedback?(joneum@FreeBSD.org)

njs was updated to 0.7.12 for www/nginx-devel, it should probably be updated to
at least 0.7.11 for www/nginx

https://github.com/advisories/GHSA-rc94-438g-7v38
https://github.com/advisories/GHSA-qmh7-2w4g-hwv8
https://github.com/advisories/GHSA-c799-xf29-f54x
https://github.com/advisories/GHSA-2jqf-9377-3hhp

https://github.com/nginx/njs/issues/615
https://github.com/nginx/njs/issues/617
https://github.com/nginx/njs/issues/618
https://github.com/nginx/njs/issues/619

I would have added a vuxml, but I couldn't figure out how to match nginx only
when built with njs < 0.7.11, I think that's not possible currently. I didn't
want to add <lt>1.22.1_5</lt>  because it's not guaranteed to be fixed in
1.22.1_6.

-- 
You are receiving this mail because:
You are the assignee for the bug.