CVE-2013-0337/nginx: clarify status

author: Sylvain Beucler <beuc@beuc.net> 2020-07-11 12:19:25 +0200
committer: Sylvain Beucler <beuc@beuc.net> 2020-07-11 12:19:30 +0200
commit: ff4b2044a34420869395c8f3da5063df8f173b1f (patch)
tree: 72834455e49252fff182ad76bd9bb07db278ad9f /data/CVE/list.2013
parent: cd24f118afc7a04cdf47de7a1761a4bc813b1bb8 (diff)
1 files changed, 3 insertions, 3 deletions
diff --git a/data/CVE/list.2013 b/data/CVE/list.2013
index 458eed11cb..66b78e7e82 100644
--- a/data/CVE/list.2013
+++ b/data/CVE/list.2013
@@ -19121,9 +19121,9 @@ CVE-2013-0337 (The default configuration of nginx, possibly 1.3.13 and earlier,
 	[jessie] - nginx <ignored> (Minor issue)
 	[wheezy] - nginx <no-dsa> (Minor issue)
 	[squeeze] - nginx <no-dsa> (Minor issue)
-	NOTE: Can only be fixed properly once https://trac.nginx.org/nginx/ticket/376
-	NOTE: resolved upstream.
-	NOTE: Originally fixed in 1.4.4-2 but reintroduced with DSA-3701-1 fixes.
+	NOTE: Can only be fixed properly once https://trac.nginx.org/nginx/ticket/376 is resolved upstream
+	NOTE: Originally fixed in 1.4.4-2 but reintroduced with DSA-3701-1 (CVE-2016-1247)
+	NOTE: Post DSA-3701-1, Debian's default configuration is not affected, new log files are
 CVE-2013-0336 (The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ ...)
 	- 389-ds-base 1.3.2.9-1 (bug #704077)
 CVE-2013-0335 (OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1)  ...)
author	Sylvain Beucler <beuc@beuc.net>	2020-07-11 12:19:25 +0200
committer	Sylvain Beucler <beuc@beuc.net>	2020-07-11 12:19:30 +0200
commit	ff4b2044a34420869395c8f3da5063df8f173b1f (patch)
tree	72834455e49252fff182ad76bd9bb07db278ad9f /data/CVE/list.2013
parent	cd24f118afc7a04cdf47de7a1761a4bc813b1bb8 (diff)