CVE-2022-35173 (http://hg.nginx.org/njs/rev/b7c4e0f714a9): https://github.com/nginx/njs/issues/553 https://github.com/nginx/njs/commit/404553896792b8f5f429dc8852d15784a59d8d3e An issue was discovered in Nginx NJS v0.7.5. The JUMP offset for a break instruction was not set to a correct offset during code generation, leading to a segmentation violation.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=dce914f2bbf52360f45c90d877857df3c4c2a353 commit dce914f2bbf52360f45c90d877857df3c4c2a353 Author: Conrad Kostecki <conikost@gentoo.org> AuthorDate: 2022-09-05 23:27:16 +0000 Commit: Conrad Kostecki <conikost@gentoo.org> CommitDate: 2022-09-05 23:28:42 +0000 www-servers/nginx: bump njs module to 0.7.7 This fixes CVE-2022-35173. Bug: https://bugs.gentoo.org/865723 Signed-off-by: Conrad Kostecki <conikost@gentoo.org> www-servers/nginx/Manifest | 1 - www-servers/nginx/{nginx-1.21.6-r3.ebuild => nginx-1.21.6-r4.ebuild} | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=597f26b953627362ae32345dee6a45cf44c4cb37 commit 597f26b953627362ae32345dee6a45cf44c4cb37 Author: Conrad Kostecki <conikost@gentoo.org> AuthorDate: 2022-09-05 23:25:23 +0000 Commit: Conrad Kostecki <conikost@gentoo.org> CommitDate: 2022-09-05 23:28:42 +0000 www-servers/nginx: bump njs module to 0.7.7 This fixes CVE-2022-35173. Bug: https://bugs.gentoo.org/865723 Signed-off-by: Conrad Kostecki <conikost@gentoo.org> www-servers/nginx/Manifest | 2 +- www-servers/nginx/{nginx-1.23.1.ebuild => nginx-1.23.1-r1.ebuild} | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-)
Thanks, all done!
