FreeBSD Mail Archives

Date:      Fri, 18 Mar 2022 23:01:04 +0000
From:      "Sergey A. Osokin" <osa@freebsd.org>
To:        Bernhard Froehlich <decke@freebsd.org>
Cc:        ports-committers@freebsd.org, dev-commits-ports-all@freebsd.org, dev-commits-ports-main@freebsd.org
Subject:   Re: git: 4164ab866d06 - main - lang/njs: Fix CPE information
Message-ID:  <YjUPMFv%2B4rZwJASe@FreeBSD.org>
In-Reply-To: <17f9ed8fd16.11d434a3315181.2538570885863963752@freebsd.org>
References:  <202203181555.22IFtncp006365@gitrepo.freebsd.org> <YjTJB5wnEEvFXSS/@FreeBSD.org> <17f9ed8fd16.11d434a3315181.2538570885863963752@freebsd.org>


--zqo7AbWWrF0G+Ocr
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Fri, Mar 18, 2022 at 10:04:55PM +0100, decke@freebsd.org wrote:
> ---- On Fri, 18 Mar 2022 19:01:43 +0100
> > > On Fri, Mar 18, 2022 at 03:55:49PM +0000, Bernhard Froehlich wrote:
> > > [...]
> > >
> > > -CPE_VENDOR=3D=C2=A0=C2=A0=C2=A0=C2=A0f5
> > > -CPE_PRODUCT=3D=C2=A0=C2=A0=C2=A0njs
> > > +CPE_VENDOR=3D=C2=A0=C2=A0=C2=A0=C2=A0nginx
> >
> >  Why?
> >
> Because the CPE entry was wrong and does not exist=C2=A0in the CPE
> dictionary.  Have a look at a recent CVE for=C2=A0njs and you will see
> that they use nginx:njs, https://nvd.nist.gov/vuln/detail/CVE-2021-46463

Thanks for sharing this, Bernhard, I'll take a look on that.

--=20
Sergey A. Osokin

--zqo7AbWWrF0G+Ocr
Content-Type: application/pgp-signature; name="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQITBAEBCgB9FiEEZTMJYdHlAQrZCsSmOBlAga+KbzQFAmI1DyxfFIAAAAAALgAo
aXNzdWVyLWZwckBub3RhdGlvbnMub3BlbnBncC5maWZ0aGhvcnNlbWFuLm5ldDY1
MzMwOTYxRDFFNTAxMEFEOTBBQzRBNjM4MTk0MDgxQUY4QTZGMzQACgkQOBlAga+K
bzQLQwv+MmW1p9JLRbrpZLMcGPMr3Im9pqfB8h7P+DNYgM+YqNaQDoQ9fh81mzcK
GbWJbk3ioDKK86Yp9woo4+tvZsnSY6m3UbIrWdQkx20c3JvLBnggUcrf6YIOKXQQ
7yPtCW2Bemub4mHLkgy6WicdqteoyboEvck8SOlZpT1XkZNV4BgbYAkzWUGfQ28x
20JxJQEo9GDxsI7nsNMIL8MMAijaxxmNK/NsrluYWwHCtokgXVyBXR6ELIv//M8T
Y3f37YLBtXa5fNqb+vTbgCOfxoTNBU7E2G0IANIxPwhYqlkk+gU0V5m5NRWjdsEf
ar3SYKImyfGfpqhIlbCT8LAdefbbXRMN1BWUbB2mE+rq1W07XmdJcJrDjWdRO70o
aTBHXShNHbZQbPqAtrV++jGkr1DJgFxRvfMi4S4vxqYvys2iX1zLZJOoqaDVr9uq
HJykE+YXjQLCF1ArLyl6lYaeyRvKRa2ZdLQ22EBsRDMqSn8LDXV+Lba2oJemE4h9
adHjxI7u
=15ZY
-----END PGP SIGNATURE-----

--zqo7AbWWrF0G+Ocr--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?YjUPMFv%2B4rZwJASe>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation