Bug 1867261
Summary: | EPEL7 nginx package contains CVEs and it's two major versions behind. | ||
---|---|---|---|
Product: | [Fedora] Fedora EPEL | Reporter: | Dave <daveoz> |
Component: | nginx | Assignee: | Felix Kaechele <felix> |
Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | high | Docs Contact: | |
Priority: | unspecified | ||
Version: | epel7 | CC: | affix, athmanem, daveoz, jeremy, jkaluza, jorton, luhliari, pavel.lisy, peter.borsa, wtogami |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | x86_64 | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | nginx-1.16.1-2.el7 | Doc Type: | If docs needed, set a value |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2020-10-01 00:31:06 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Dave
2020-08-07 22:28:07 UTC
Any updates on this? FEDORA-EPEL-2020-0f3f88c479 has been submitted as an update to Fedora EPEL 7. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0f3f88c479 I had in fact already prepared an update for EPEL7 which contains the patch for that CVE. I've pushed that update now. As per EPEL Packaging Guidelines the major version upgrade is not necessary here as there are patches to fix the security issues. The patch used in the upgrade is the same that Red Hat ships in their nginx SCL for EL 7. So if it's good enough for their customers it should be good enough for EPEL users ;-) Thank you so much, Felix. I appreciate that. I'll be updating our servers on the next patching cycle to have that updated nginx. :) Have a good rest of your day! - Dave FEDORA-EPEL-2020-0f3f88c479 has been pushed to the Fedora EPEL 7 testing repository. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-0f3f88c479 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates. FEDORA-EPEL-2020-0f3f88c479 has been pushed to the Fedora EPEL 7 stable repository. If problem still persists, please make note of it in this bug report. |