pkg/48953: pkg audit showing erroneous CVE for nginx-1.5.12nb3 installed via pkgin

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/48953: pkg audit showing erroneous CVE for nginx-1.5.12nb3 installed via pkgin
From: c.vv%outlook.com@localhost
Date: Thu, 26 Jun 2014 02:45:00 +0000 (UTC)

>Number:         48953
>Category:       pkg
>Synopsis:       pkg audit showing erroneous CVE for nginx-1.5.12nb3 installed 
>via pkgin
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jun 26 02:45:00 +0000 2014
>Originator:     Chris
>Release:        6.1.4
>Organization:
>Environment:
6.1.4 NetBSD 6.1.4 (XEN3_DOMU_PF) #0: Fri Jun 13 22:58:53 MDT 2014
>Description:
After installing nginx and updating the pkg vulnerability database, it's 
reporting the following:

Package nginx-1.5.12nb3 has a man-in-the-middle-attack vulnerability, see 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4968

The CVE indicated applies to nginx versions .7.61 - .8.40 only
>How-To-Repeat:
1. pkgin install nginx
2. pkg_admin fetch-pkg-vulnerabilities
3. pkg_admin audit

The audit command will indicate: Package nginx-1.5.12nb3 has a 
man-in-the-middle-attack vulnerability, see 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4968


>Fix:

Prev by Date: Re: pkg/48919
Next by Date: Re: pkg/48953: pkg audit showing erroneous CVE for nginx-1.5.12nb3 installed via pkgin
Previous by Thread: Re: pkg/48951 (graphics/imlib2 default amd64 option break OSX Build)
Next by Thread: Re: pkg/48953: pkg audit showing erroneous CVE for nginx-1.5.12nb3 installed via pkgin
Indexes:

Home | Main Index | Thread Index | Old Index