From owner-svn-ports-head@freebsd.org Wed Aug 14 12:30:09 2019 Return-Path: Delivered-To: svn-ports-head@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 8E1DCAA471; Wed, 14 Aug 2019 12:30:09 +0000 (UTC) (envelope-from joneum@FreeBSD.org) Received: from toco-domains.de (mail.toco-domains.de [176.9.100.27]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 467pnY1jVjz4G28; Wed, 14 Aug 2019 12:30:08 +0000 (UTC) (envelope-from joneum@FreeBSD.org) Received: by toco-domains.de (Postfix, from userid 65534) id C9C92B1403; Wed, 14 Aug 2019 14:30:00 +0200 (CEST) X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on toco-mail X-Spam-Level: X-Spam-Status: No, score=-2.9 required=4.0 tests=ALL_TRUSTED,BAYES_00, URIBL_BLOCKED autolearn=ham autolearn_force=no version=3.4.2 Received: from [172.31.21.114] (visusmail.visus-tt.com [212.23.146.170]) (using TLSv1.2 with cipher AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by toco-domains.de (Postfix) with ESMTPSA id EF195B13E7; Wed, 14 Aug 2019 14:29:57 +0200 (CEST) Subject: Re: svn commit: r508895 - head/security/vuxml To: Tobias Kortkamp Cc: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org References: <201908140722.x7E7MdSW088299@repo.freebsd.org> <20190814121726.GA50509@urd.tobik.me> From: Jochen Neumeister Message-ID: Date: Wed, 14 Aug 2019 14:29:57 +0200 MIME-Version: 1.0 In-Reply-To: <20190814121726.GA50509@urd.tobik.me> Content-Type: text/plain; charset=windows-1252; format=flowed Content-Transfer-Encoding: 7bit X-WatchGuard-AntiVirus: part scanned. clean action=allow X-Rspamd-Queue-Id: 467pnY1jVjz4G28 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; none X-Spamd-Result: default: False [-2.90 / 15.00]; local_wl_from(0.00)[FreeBSD.org]; NEURAL_HAM_MEDIUM(-1.00)[-0.999,0]; NEURAL_HAM_LONG(-1.00)[-0.999,0]; NEURAL_HAM_SHORT(-0.91)[-0.906,0]; ASN(0.00)[asn:24940, ipnet:176.9.0.0/16, country:DE] X-BeenThere: svn-ports-head@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: SVN commit messages for the ports tree for head List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 14 Aug 2019 12:30:09 -0000 Am 14.08.2019 um 14:17 schrieb Tobias Kortkamp: > On Wed, Aug 14, 2019 at 07:22:39AM +0000, Jochen Neumeister wrote: >> Author: joneum >> Date: Wed Aug 14 07:22:39 2019 >> New Revision: 508895 >> URL: https://svnweb.freebsd.org/changeset/ports/508895 >> >> Log: >> Add entry for www/nginx and www/nginx-devel >> >> Sponsored by: Netzkommune GmbH >> >> Modified: >> head/security/vuxml/vuln.xml >> >> Modified: head/security/vuxml/vuln.xml >> ============================================================================== >> --- head/security/vuxml/vuln.xml Wed Aug 14 07:08:19 2019 (r508894) >> +++ head/security/vuxml/vuln.xml Wed Aug 14 07:22:39 2019 (r508895) >> @@ -58,6 +58,43 @@ Notes: >> * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) >> --> >> >> + >> + NGINX -- Multiple vulnerabilities >> + >> + >> + nginx >> + 1.16.1 >> + > This entry is not correct: > > $ pkg info -E nginx > nginx-1.16.0_1,2 > $ pkg audit -f security/vuxml/vuln.xml nginx-1.16.0_1,2 > 0 problem(s) in 0 installed package(s) found. > > www/nginx has PORTEPOCH=2 so the entry should have > > 1.16.1,2 > > or users will never be informed of this via pkg audit. fixed in r508912