Date: Fri, 18 Mar 2022 22:04:55 +0100 From: decke@freebsd.org To: <osa@freebsd.org> Cc: <ports-committers@freebsd.org>, <dev-commits-ports-all@freebsd.org>, <dev-commits-ports-main@freebsd.org> Subject: Re: git: 4164ab866d06 - main - lang/njs: Fix CPE information Message-ID: <17f9ed8fd16.11d434a3315181.2538570885863963752@freebsd.org> In-Reply-To: <YjTJB5wnEEvFXSS/@FreeBSD.org> References: <202203181555.22IFtncp006365@gitrepo.freebsd.org> <YjTJB5wnEEvFXSS/@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
------=_Part_95713_2058631843.1647637495063 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable ---- On Fri, 18 Mar 2022 19:01:43 +0100=C2=A0osa@freebsd.org=C2=A0wrote ---= -Hi Bernhard,On Fri, Mar 18, 2022 at 03:55:49PM +0000, Bernhard Froehlich w= rote:[...]>> -CPE_VENDOR=3D=C2=A0=C2=A0=C2=A0=C2=A0f5> -CPE_PRODUCT=3D=C2= =A0=C2=A0=C2=A0=C2=A0njs> +CPE_VENDOR=3D=C2=A0=C2=A0=C2=A0=C2=A0nginxWhy?--= Sergey A. OsokinBecause the CPE entry was wrong and does not exist=C2=A0in = the CPE dictionary. Have a look at a recent CVE for=C2=A0njs and you will s= ee that they use nginx:njshttps://nvd.nist.gov/vuln/detail/CVE-2021-46463 ------=_Part_95713_2058631843.1647637495063 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"><html><head>= <meta content=3D"text/html;charset=3DUTF-8" http-equiv=3D"Content-Type"></h= ead><body ><div style=3D'font-size:10pt;font-family:Verdana,Arial,Helvetica= ,sans-serif;'><div id=3D"message"></div><span style=3D"background-color: rg= b(20, 20, 20);">---- On Fri, 18 Mar 2022 19:01:43 +0100 </span><b>osa@= freebsd.org </b><span style=3D"background-color: rgb(20, 20, 20);">wro= te ----</span><br><br><blockquote style=3D"background-color: rgb(20, 20, 20= ); margin-left: 5px; border-left-color: rgb(204, 204, 204);">Hi Bernhard,<b= r><br>On Fri, Mar 18, 2022 at 03:55:49PM +0000, Bernhard Froehlich wrote:<b= r><br>[...]<br>><br>> -CPE_VENDOR=3D f5<br>>= ; -CPE_PRODUCT=3D njs<br>> +CPE_VENDOR=3D &n= bsp; nginx<br><br>Why?<br><br>--<br>Sergey A. Osokin</blockquote= ><br>Because the CPE entry was wrong and does not exist in the CPE dic= tionary. Have a look at a recent CVE for njs and you will see that the= y use nginx:njs<div><div align=3D"left"><blockquote><p dir=3D"ltr">https://= nvd.nist.gov/vuln/detail/CVE-2021-46463</p></blockquote></div></div></div><= br></body></html> ------=_Part_95713_2058631843.1647637495063--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?17f9ed8fd16.11d434a3315181.2538570885863963752>