[Git][security-tracker-team/security-tracker][master] CVE-2013-0337/nginx: clarify status

[Sylvain Beucler]

Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
82a8f695 by Sylvain Beucler at 2020-07-11T12:19:30+02:00
CVE-2013-0337/nginx: clarify status

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -303248,9 +303248,9 @@ CVE-2013-0337 (The default configuration of nginx, possibly 1.3.13 and earlier,
 	[jessie] - nginx <ignored> (Minor issue)
 	[wheezy] - nginx <no-dsa> (Minor issue)
 	[squeeze] - nginx <no-dsa> (Minor issue)
-	NOTE: Can only be fixed properly once https://trac.nginx.org/nginx/ticket/376
-	NOTE: resolved upstream.
-	NOTE: Originally fixed in 1.4.4-2 but reintroduced with DSA-3701-1 fixes.
+	NOTE: Can only be fixed properly once https://trac.nginx.org/nginx/ticket/376 is resolved upstream
+	NOTE: Originally fixed in 1.4.4-2 but reintroduced with DSA-3701-1 (CVE-2016-1247)
+	NOTE: Post DSA-3701-1, Debian's default configuration is not affected, new log files are
 CVE-2013-0336 (The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ ...)
 	- 389-ds-base 1.3.2.9-1 (bug #704077)
 CVE-2013-0335 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1)  ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82a8f695a4eaf64ecf09af2400fff864c3665d80

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/82a8f695a4eaf64ecf09af2400fff864c3665d80
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20200711/7ff1d582/attachment.html>