Created attachment 225280 [details] nginx-1.20.1 update patch 2021-05-25: nginx-1.20.1 stable and nginx-1.21.0 mainline versions have been released, with a fix for the 1-byte memory overwrite vulnerability in resolver (CVE-2021-23017).
Any news about this update?
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/ports/commit/?id=c8540e27153f1ea2ee438b9aaf367ea0def9ef29 commit c8540e27153f1ea2ee438b9aaf367ea0def9ef29 Author: Brad Davis <brd@FreeBSD.org> AuthorDate: 2021-06-21 22:08:14 +0000 Commit: Brad Davis <brd@FreeBSD.org> CommitDate: 2021-06-21 22:08:14 +0000 www/nginx: Update to 1.20.1 PR: 256172 Reported by: Christos Chatzaras <chris@cretaforce.gr> Reviewed by: garga Approved by: maintainer timeout MFH: 2021Q2 Security: 0882f019-bd60-11eb-9bdd-8c164567ca3c Sponsored by: Rubicon Communications, LLC ("Netgate") www/nginx/Makefile | 4 ++-- www/nginx/distinfo | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-)
PR further to @brd - if he already wrongly committed, he should also take over the MFH
ping
Isn't the MFH already done by virtue of rolling over to 2021Q3? The commit was in June, i.e, in 2021Q2.