[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security Vulnerabilities with Nginx v1.14.2 and GNOME Evolution

On Tue, Sep 15, 2020 at 09:13:04AM +0000, Suryadevara, Revanth wrote:
> 1.) Pertaining to Nginx there is no CVE-ID, main concern is, 
> According to nginx download page, (http://nginx.org/en/download.html) Nginx 1.14.x is no longer supported and will not be getting regular patches. So, if any security Vulnerabilities arise then system would be at high risk as the vendor no longer provide updates.

The Debian security team backports patches to fix security issues
whenever possible.

*If* in the future a vulnerability is discovered which cannot easily be
fixed by a patch backported from a future version of nginx, then the
security team *may* opt to use a newer upstream version of nginx in
the stable release.  There is some precedent for this with other packages
such as samba and bind9.
Reply to: