Bug 281250 - security/vuxml: recent nginx entry fails to account for PORTEPOCH
Summary: security/vuxml: recent nginx entry fails to account for PORTEPOCH
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Ports Security Team
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-09-03 14:36 UTC by Alan Somers
Modified: 2024-09-17 14:26 UTC (History)
0 users

See Also:
bugzilla: maintainer-feedback? (ports-secteam)

Attachments
Fix the nginx vulnerable package range (1019 bytes, patch)
2024-09-03 14:36 UTC, Alan Somers 		no flags Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Alan Somers freebsd_committer freebsd_triage 2024-09-03 14:36:12 UTC 
Created attachment 253300 [details]
Fix the nginx vulnerable package range

As a result, "pkg audit  nginx-1.26.1,3" fails to report the package.

The bug was added in git 14dc2636e72c396459a6559868033910ee8a4532
Comment 1 commit-hook freebsd_committer freebsd_triage 2024-09-17 13:47:16 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=59efdc09dba99355ace1359aab657afcb4159c66

commit 59efdc09dba99355ace1359aab657afcb4159c66
Author:     Alan Somers <asomers@FreeBSD.org>
AuthorDate: 2024-09-03 14:33:32 +0000
Commit:     Alan Somers <asomers@FreeBSD.org>
CommitDate: 2024-09-17 13:44:49 +0000

    security/vuxml: correct vulnerable package range for nginx

    14dc2636e72c396459a6559868033910ee8a4532 added a new vuxml entry, but
    forgot to account for PORTEPOCH.

    PR:             281250
    Approved by:    maintainer timeout
    Security:       CVE-2024-7347

 security/vuxml/vuln/2024.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)