
Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution



	Hi.

Please do not top post.

On Tue, Sep 15, 2020 at 09:13:04AM +0000, Suryadevara, Revanth wrote:
> Hi Klaus,
> 	
> 1.) Pertaining to Nginx there is no CVE-ID, main concern is, 
> According to nginx download page, (http://nginx.org/en/download.html)
> Nginx 1.14.x is no longer supported and will not be getting regular
> patches. So, if any security vulnerabilities arise then the system would
> be at high risk as the vendor no longer provides updates.

No known CVE = no problem. Unless of course you just happen to know a
private zero-day.
And, as the version of nginx shows, they've fixed some CVEs in the past,
thrice for the duration of buster.


> 2.) Pertaining to GNOME Evolution, the CVE-ID is CVE-2020-11879.
> This ID isn't present in the links which you've shared.

Buster's evolution is vulnerable indeed - [1]. Security impact is low,
so it's hardly a surprise it is not fixed yet.

Reco

[1] https://security-tracker.debian.org/tracker/source-package/evolution

