Re: git: 4164ab866d06 - main - lang/njs: Fix CPE information

Reply: decke_a_freebsd.org: "Re: git: 4164ab866d06 - main - lang/njs: Fix CPE information"
In reply to: Sergey A. Osokin: "Re: git: 4164ab866d06 - main - lang/njs: Fix CPE information"
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Sergey A. Osokin <osa_at_freebsd.org>
Date: Fri, 25 Mar 2022 03:47:15 UTC

Hi Bernhard,

hope you're doing well.

On Fri, Mar 18, 2022 at 11:01:04PM +0000, Sergey A. Osokin wrote:
> On Fri, Mar 18, 2022 at 10:04:55PM +0100, decke@freebsd.org wrote:
> > ---- On Fri, 18 Mar 2022 19:01:43 +0100
> > > > On Fri, Mar 18, 2022 at 03:55:49PM +0000, Bernhard Froehlich wrote:
> > > > [...]
> > > >
> > > > -CPE_VENDOR=    f5
> > > > -CPE_PRODUCT=   njs
> > > > +CPE_VENDOR=    nginx
> > >
> > >  Why?
> > >
> > Because the CPE entry was wrong and does not exist in the CPE
> > dictionary.  Have a look at a recent CVE for njs and you will see
> > that they use nginx:njs, https://nvd.nist.gov/vuln/detail/CVE-2021-46463
> 
> Thanks for sharing this, Bernhard, I'll take a look on that.

The CVE's been updated, could you please revert your commit.

Thank you.

-- 
Sergey A. Osokin