Created attachment 225280 [details]
nginx-1.20.1 update patch
2021-05-25: nginx-1.20.1 stable and nginx-1.21.0 mainline versions have been released, with a fix for the 1-byte memory overwrite vulnerability in resolver (CVE-2021-23017).
Any news about this update?
A commit in branch main references this bug:
Author: Brad Davis <brd@FreeBSD.org>
AuthorDate: 2021-06-21 22:08:14 +0000
Commit: Brad Davis <brd@FreeBSD.org>
CommitDate: 2021-06-21 22:08:14 +0000
www/nginx: Update to 1.20.1
Reported by: Christos Chatzaras <firstname.lastname@example.org>
Reviewed by: garga
Approved by: maintainer timeout
Sponsored by: Rubicon Communications, LLC ("Netgate")
www/nginx/Makefile | 4 ++--
www/nginx/distinfo | 6 +++---
2 files changed, 5 insertions(+), 5 deletions(-)
PR further to @brd - if he already wrongly committed, he should also take over the MFH
Isn't the MFH already done by virtue of rolling over to 2021Q3? The
commit was in June, i.e, in 2021Q2.