Date: Fri, 25 Mar 2022 03:47:15 +0000 From: "Sergey A. Osokin" <osa@freebsd.org> To: Bernhard Froehlich <decke@freebsd.org> Cc: ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org Subject: Re: git: 4164ab866d06 - main - lang/njs: Fix CPE information Message-ID: <Yj07Q2EDv7grH3Hg@FreeBSD.org> In-Reply-To: <YjUPMFv%2B4rZwJASe@FreeBSD.org> References: <202203181555.22IFtncp006365@gitrepo.freebsd.org> <YjTJB5wnEEvFXSS/@FreeBSD.org> <17f9ed8fd16.11d434a3315181.2538570885863963752@freebsd.org> <YjUPMFv%2B4rZwJASe@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
--v+a4fJIUtlt1CsfG Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Hi Bernhard, hope you're doing well. On Fri, Mar 18, 2022 at 11:01:04PM +0000, Sergey A. Osokin wrote: > On Fri, Mar 18, 2022 at 10:04:55PM +0100, decke@freebsd.org wrote: > > ---- On Fri, 18 Mar 2022 19:01:43 +0100 > > > > On Fri, Mar 18, 2022 at 03:55:49PM +0000, Bernhard Froehlich wrote: > > > > [...] > > > > > > > > -CPE_VENDOR=3D=C2=A0=C2=A0=C2=A0=C2=A0f5 > > > > -CPE_PRODUCT=3D=C2=A0=C2=A0=C2=A0njs > > > > +CPE_VENDOR=3D=C2=A0=C2=A0=C2=A0=C2=A0nginx > > > > > > Why? > > > > > Because the CPE entry was wrong and does not exist=C2=A0in the CPE > > dictionary. Have a look at a recent CVE for=C2=A0njs and you will see > > that they use nginx:njs, https://nvd.nist.gov/vuln/detail/CVE-2021-46463 >=20 > Thanks for sharing this, Bernhard, I'll take a look on that. The CVE's been updated, could you please revert your commit. Thank you. --=20 Sergey A. Osokin --v+a4fJIUtlt1CsfG Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQITBAEBCgB9FiEEZTMJYdHlAQrZCsSmOBlAga+KbzQFAmI9Oz5fFIAAAAAALgAo aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDY1 MzMwOTYxRDFFNTAxMEFEOTBBQzRBNjM4MTk0MDgxQUY4QTZGMzQACgkQOBlAga+K bzRGRgv6Ai2v5W+H4C8xgGYX10kvlaBCRDThCqyalheHOeD85AgQkeiTKnbjRZ+7 Uir6x+Wlc99NQhxmop61RqboT9lcP67ywpCM11gdloyqnZ7eK6QLM78TGlY/3oap zdSozkjsBWys0JXRL6Cf9OVwa4mcCx+UlQt1r/2JaoGIhWcNalMgxkXeZWF3x+og 2h46V0HEOPbQ4RlMgb3xIF05CYNyAbro/Pj3ZPDXfeHDuA+ggrOPeUNgibirp/NV YUgcvnkkfiKRnZ9y+4W0ZdiveO+TtQvnBt1G549bcOEduBnqskVax5cE0Zp/g5C5 mogs/ZaDlIkyNujwd6tnozfaGVVXMCggjbg0BDu387c+vWwct1IYEElGvXdLNZNr Y2HLX7MTJcCRlQ3ZB/HzXItDNQLmWQy2ms+c8+b+s34oF7sZqtVJn4KUdNno6lv/ gsTvv1wnKVTGgw6arnDg0JJVo772y7UwLmwk4CW8N3ki6Zgp54oLy615R0LnkU4Z 9vdgdjM9 =ucyH -----END PGP SIGNATURE----- --v+a4fJIUtlt1CsfG--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Yj07Q2EDv7grH3Hg>