Date: Sun, 16 Apr 2023 08:01:38 +0000 From: bugzilla-noreply@freebsd.org To: ports-bugs@FreeBSD.org Subject: [Bug 270875] www/nginx: with njs < 0.7.11 is vulnerable Message-ID: <bug-270875-7788@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D270875 Bug ID: 270875 Summary: www/nginx: with njs < 0.7.11 is vulnerable Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Keywords: security Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: joneum@FreeBSD.org Reporter: flo@FreeBSD.org CC: ports-secteam@FreeBSD.org Assignee: joneum@FreeBSD.org Flags: maintainer-feedback?(joneum@FreeBSD.org) njs was updated to 0.7.12 for www/nginx-devel, it should probably be update= d to at least 0.7.11 for www/nginx https://github.com/advisories/GHSA-rc94-438g-7v38 https://github.com/advisories/GHSA-qmh7-2w4g-hwv8 https://github.com/advisories/GHSA-c799-xf29-f54x https://github.com/advisories/GHSA-2jqf-9377-3hhp https://github.com/nginx/njs/issues/615 https://github.com/nginx/njs/issues/617 https://github.com/nginx/njs/issues/618 https://github.com/nginx/njs/issues/619 I would have added a vuxml, but I couldn't figure out how to match nginx on= ly when built with njs < 0.7.11, I think that's not possible currently. I didn= 't want to add <lt>1.22.1_5</lt> because it's not guaranteed to be fixed in 1.22.1_6. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-270875-7788>