Ah, okay. It's just confusing when taken at face value. Thanks for the explanation.
Chris > From: joerg%britannica.bec.de@localhost > To: pkg-manager%netbsd.org@localhost; gnats-admin%netbsd.org@localhost; pkgsrc-bugs%netbsd.org@localhost; c.vv%outlook.com@localhost > Subject: Re: pkg/48953: pkg audit showing erroneous CVE for nginx-1.5.12nb3 installed via pkgin > CC: > Date: Thu, 26 Jun 2014 14:05:01 +0000 > > The following reply was made to PR pkg/48953; it has been noted by GNATS. > > From: Joerg Sonnenberger <joerg%britannica.bec.de@localhost> > To: gnats-bugs%NetBSD.org@localhost > Cc: > Subject: Re: pkg/48953: pkg audit showing erroneous CVE for nginx-1.5.12nb3 > installed via pkgin > Date: Thu, 26 Jun 2014 16:00:29 +0200 > > On Thu, Jun 26, 2014 at 02:45:00AM +0000, c.vv%outlook.com@localhost wrote: > > The CVE indicated applies to nginx versions .7.61 - .8.40 only > > While the CVE is somewhat silly, options for specifying the certificate > chain for the reverse proxy only appeared recently in the development > version. > > Joerg > |