NetBSD Problem Report #49149
From www@NetBSD.org Mon Aug 25 05:20:51 2014
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [149.20.53.66])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
by mollari.NetBSD.org (Postfix) with ESMTPS id 51647AF1CC
for <gnats-bugs@gnats.NetBSD.org>; Mon, 25 Aug 2014 05:20:51 +0000 (UTC)
Message-Id: <20140825052050.0D942AF1CD@mollari.NetBSD.org>
Date: Mon, 25 Aug 2014 05:20:50 +0000 (UTC)
From: netbsd@seirios.org
Reply-To: netbsd@seirios.org
To: gnats-bugs@NetBSD.org
Subject: Nginx Vulnerability information is wrong
X-Send-Pr-Version: www-1.0
>Number: 49149
>Category: pkg
>Synopsis: Nginx Vulnerability information is wrong
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: pkg-manager
>State: closed
>Class: change-request
>Submitter-Id: net
>Arrival-Date: Mon Aug 25 05:25:00 +0000 2014
>Closed-Date: Mon May 30 00:10:10 +0000 2016
>Last-Modified: Mon May 30 00:10:10 +0000 2016
>Originator: HEO SeonMeyong
>Release: NetBSD 6.1 and pkgsrc-current
>Organization:
>Environment:
NetBSD web001 6.1_STABLE NetBSD 6.1_STABLE (XS_DOMU) #2: Thu Aug 21 19:29:13 JST 2014 seirios@dev001:/export/NetBSD/Obj/rel/sys/arch/amd64/compile/XS_DOMU amd64
>Description:
http://ftp.netbsd.org/pub/NetBSD/packages/vulns/pkg-vulnerabilities has following line.
php>=5.5<5.6 local-privilege-escalation http://secunia.com/advisories/56800/
But php 5.5.16 has fixed this vulnerabilities, so please change this entry.
>How-To-Repeat:
>Fix:
I don't know how to fix but I think
php>=5.5<5.5.16 local-privilege-escalation http://secunia.com/advisories/56800/
>Release-Note:
>Audit-Trail:
State-Changed-From-To: open->closed
State-Changed-By: obache@NetBSD.org
State-Changed-When: Mon, 25 Aug 2014 06:49:06 +0000
State-Changed-Why:
fixed by rev 1.5788.
SA56800 is CVE-2014-4670 and CVE-2014-4698, and those entries are also already
exists, but have invalid "fixed" patterns. In pkgsrc, fixed by 5.5.14nb1.
(Could you send to pkgsrc-security@ for future security matter reports instead?)
Thank you for your PR!
State-Changed-From-To: closed->feedback
State-Changed-By: obache@NetBSD.org
State-Changed-When: Mon, 25 Aug 2014 06:55:40 +0000
State-Changed-Why:
Synopsis is "Nginx Vulnerability information is wrong", but reported for PHP,
do you have other issues related to nginx?
State-Changed-From-To: feedback->closed
State-Changed-By: dholland@NetBSD.org
State-Changed-When: Mon, 30 May 2016 00:10:10 +0000
State-Changed-Why:
1.5-year feedback timeout.
>Unformatted:
(Contact us)
$NetBSD: query-full-pr,v 1.39 2013/11/01 18:47:49 spz Exp $
$NetBSD: gnats_config.sh,v 1.8 2006/05/07 09:23:38 tsutsui Exp $
Copyright © 1994-2014
The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.