CVE-2022-43285 (https://github.com/nginx/njs/issues/533): Nginx NJS v0.7.4 was discovered to contain a segmentation violation in njs_promise_reaction_job.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=f200bd8f1206c0cec3141e3cccc44749131e6384 commit f200bd8f1206c0cec3141e3cccc44749131e6384 Author: Tomáš Mózes <hydrapolic@gmail.com> AuthorDate: 2022-10-31 07:43:56 +0000 Commit: Conrad Kostecki <conikost@gentoo.org> CommitDate: 2022-10-31 13:23:31 +0000 www-servers/nginx: update to njs 0.7.8 Bug: https://bugs.gentoo.org/878765 Signed-off-by: Tomáš Mózes <hydrapolic@gmail.com> Signed-off-by: Conrad Kostecki <conikost@gentoo.org> www-servers/nginx/Manifest | 1 + www-servers/nginx/nginx-1.23.2-r2.ebuild | 1060 ++++++++++++++++++++++++++++++ 2 files changed, 1061 insertions(+)
Thanks! Please stabilize when ready, but no rush.
The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=80a5d60baea3a47ef581f5676a0c08caf7bc5ca4 commit 80a5d60baea3a47ef581f5676a0c08caf7bc5ca4 Author: John Helmert III <ajak@gentoo.org> AuthorDate: 2023-04-20 04:00:26 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2023-04-20 04:00:26 +0000 www-servers/nginx: drop 1.23.2 Bug: https://bugs.gentoo.org/878765 Signed-off-by: John Helmert III <ajak@gentoo.org> www-servers/nginx/Manifest | 6 - www-servers/nginx/nginx-1.23.2.ebuild | 1049 --------------------------------- 2 files changed, 1055 deletions(-)
Borderline invalid CVEs. No GLSA, closing.