Date:      Sun, 31 May 2026 22:01:11 +0200
From:      Arnaud de Prelle <arnaud@pnzone.net>
To:        freebsd-security@freebsd.org
Subject:   nginx-1.30.2_2,3 wrongly vulnerable to CVE-2026-9256 ?
Message-ID:  <e7252e33e7aa60c82d3a73240258d7d1@pnzone.net>

Hi,

As per
- https://www.freshports.org/www/nginx/ and
- https://vuxml.freebsd.org/freebsd/36a3131d-5600-11f1-b339-3497f65b111b.html
CVE-2026-9256 should be fixed since nginx 1.30.2,3.

I'm using the latest version of nginx:
# pkg info nginx | grep Version
Version        : 1.30.2_2,3

But pkg audit -F reports this port as vulnerable to CVE-2026-9256:
# pkg audit -F
vulnxml file up-to-date
nginx-1.30.2_2,3 is vulnerable:
   nginx -- heap buffer overflow in ngx_http_rewrite_module
   CVE: CVE-2026-9256
   WWW: https://vuxml.FreeBSD.org/freebsd/36a3131d-5600-11f1-b339-3497f65b111b.html

Am I missing something?

Thanks,
Arnaud.

