Bug 281250

Summary: security/vuxml: recent nginx entry fails to account for PORTEPOCH
Product: Ports & Packages Reporter: Alan Somers <asomers>
Component: Individual Port(s)Assignee: Ports Security Team <ports-secteam>
Status: Closed FIXED    
Severity: Affects Only Me Flags: bugzilla: maintainer-feedback? (ports-secteam)
Priority: ---    
Version: Latest   
Hardware: Any   
OS: Any   
Attachments:
Description Flags
Fix the nginx vulnerable package range none

Description Alan Somers freebsd_committer freebsd_triage 2024-09-03 14:36:12 UTC 
Created attachment 253300 [details]
Fix the nginx vulnerable package range

As a result, "pkg audit  nginx-1.26.1,3" fails to report the package.

The bug was added in git 14dc2636e72c396459a6559868033910ee8a4532
Comment 1 commit-hook freebsd_committer freebsd_triage 2024-09-17 13:47:16 UTC 
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/ports/commit/?id=59efdc09dba99355ace1359aab657afcb4159c66

commit 59efdc09dba99355ace1359aab657afcb4159c66
Author:     Alan Somers <asomers@FreeBSD.org>
AuthorDate: 2024-09-03 14:33:32 +0000
Commit:     Alan Somers <asomers@FreeBSD.org>
CommitDate: 2024-09-17 13:44:49 +0000

    security/vuxml: correct vulnerable package range for nginx

    14dc2636e72c396459a6559868033910ee8a4532 added a new vuxml entry, but
    forgot to account for PORTEPOCH.

    PR:             281250
    Approved by:    maintainer timeout
    Security:       CVE-2024-7347

 security/vuxml/vuln/2024.xml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)